home:Alexander_Naumov:SLE-12:Update
patchinfo.890
_patchinfo
File _patchinfo of Package patchinfo.890
<patchinfo incident="890">
  <issue id="903649" tracker="bnc">openssh: hardening patch to fix sftp rce</issue>
  <issue id="936695" tracker="bnc">CVE-2015-5352: openssh: XSECURITY restrictions bypass</issue>
  <issue id="938746" tracker="bnc">CVE-2015-5600: openssh: Keyboard-interactive authentication brute force vulnerability</issue>
  <issue id="932483" tracker="bnc">openssh: The Logjam Attack / weakdh.org</issue>
  <issue id="943006" tracker="bnc"></issue>
  <issue id="943010" tracker="bnc"></issue>
  <issue id="CVE-2015-5352" tracker="cve" />
  <issue id="CVE-2015-5600" tracker="cve" />
  <issue id="CVE-2015-4000" tracker="cve" />
  <issue id="CVE-2015-6563" tracker="cve" />
  <issue id="CVE-2015-6564" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pcerny</packager>
  <description>
openssh was updated to fix several security issues.

These security issues were fixed:

* CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).

* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).

* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).

* Hardening patch to fix sftp RCE (bsc#903649).

* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c (bsc#943010).

* CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request (bsc#943006).

Also use %restart_on_update in the trigger script.
  </description>
  <summary>Security update for openssh</summary>
</patchinfo>