SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1581-1 Rating: important References: #673532 #903649 #905118 #914309 #916549 #932483 #936695 #938746 #943006 #943010 #945493 Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. Description: openssh was updated to fix several security issues and bugs. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. These non-security issues were fixed: - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. - bsc#916549: Fixed support for aesXXX-gcm@openssh.com. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-openssh-12096=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-openssh-12096=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-openssh-12096=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-12096=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): openssh-6.2p2-0.21.1 openssh-askpass-6.2p2-0.21.1 openssh-askpass-gnome-6.2p2-0.21.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssh-6.2p2-0.21.1 openssh-askpass-6.2p2-0.21.1 openssh-askpass-gnome-6.2p2-0.21.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): openssh-6.2p2-0.21.1 openssh-askpass-6.2p2-0.21.1 openssh-askpass-gnome-6.2p2-0.21.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.2p2-0.21.3 openssh-debuginfo-6.2p2-0.21.1 openssh-debugsource-6.2p2-0.21.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-5352.html https://www.suse.com/security/cve/CVE-2015-5600.html https://www.suse.com/security/cve/CVE-2015-6563.html https://www.suse.com/security/cve/CVE-2015-6564.html https://bugzilla.suse.com/673532 https://bugzilla.suse.com/903649 https://bugzilla.suse.com/905118 https://bugzilla.suse.com/914309 https://bugzilla.suse.com/916549 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/936695 https://bugzilla.suse.com/938746 https://bugzilla.suse.com/943006 https://bugzilla.suse.com/943010 https://bugzilla.suse.com/945493 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org