Mailinglist Archive: opensuse-updates (120 mails)

openSUSE-SU-2013:1696-1: moderate: update for dropbear
openSUSE Security Update: update for dropbear

Announcement ID: openSUSE-SU-2013:1696-1
Rating: moderate
References: #845306
Cross-References: CVE-2013-4421 CVE-2013-4434
Affected Products:
openSUSE 13.1

An update that fixes two vulnerabilities is now available.


dropbear was updated to version 2013.60 to fix the following:
* Fix "make install" so that it doesn't always install to
/bin and /sbin
* Fix "make install MULTI=1", installing manpages failed
* Fix "make install" when scp is included since it has no
* Make --disable-bundled-libtom work
- used as bug fix release for bnc#845306 - VUL-0:
CVE-2013-4421 and CVE-2013-4434

- provided links for download sources
- employed gpg-offline - verify sources

- imported upstream version 2013.59
* Fix crash from -J command. Thanks to Lluís Batlle i
Rossell and Arnaud Mouiche for patches.
* Avoid reading too much from /proc/net/rt_cache since
that causes system slowness.
* Improve EOF handling for half-closed connections. Thanks
to Catalin Patulea.
* Send a banner message to report PAM error messages
intended for the user. Patch from Martin Donnelly.
* Limit the size of decompressed payloads, avoids memory
exhaustion denial of service. Thanks to Logan Lamb for
reporting and investigating it.
* Avoid disclosing existence of valid users through
inconsistent delays. Thanks to Logan Lamb for reporting.
* Update config.guess and config.sub for newer
* Avoid segfault in server for locked accounts
* "make install" now installs manpages. dropbearkey.8 has
been renamed to dropbearkey.1. manpage added for
* Get rid of one second delay when running
non-interactive commands

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2013-839

To bring your system up-to-date, use "zypper patch".
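
One way to confirm on a host that the update above took effect, as an added example that is not part of the original announcement: it compares the installed dropbear RPM version against 2013.60, the version this advisory updates to. The function names are illustrative, and GNU `sort -V` is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the advisory): check whether the installed
# dropbear package is at or above the version this advisory ships.

ADVISORY_VERSION="2013.60"   # version named in the advisory text

# version_ge A B: succeeds when version A >= version B.
# Relies on GNU sort -V (version sort); assumed to be present.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_dropbear VERSION: prints not-installed, needs-update or updated.
# An empty VERSION means the package was not found.
classify_dropbear() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_ge "$1" "$ADVISORY_VERSION"; then
        echo "updated"
    else
        echo "needs-update"
    fi
}

# installed_dropbear_version: prints the RPM version of dropbear,
# or nothing when the package (or rpm itself) is absent.
installed_dropbear_version() {
    if v=$(rpm -q --queryformat '%{VERSION}' dropbear 2>/dev/null); then
        printf '%s' "$v"
    fi
}

status=$(classify_dropbear "$(installed_dropbear_version)")
echo "dropbear: $status (advisory version: $ADVISORY_VERSION)"
```

A result of needs-update means the patch openSUSE-2013-839 has not been applied on that host yet.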

Package List:

- openSUSE 13.1 (i586 x86_64):


