OVAL Reference oval:org.opensuse.security:def:53188

Oval Definition:

oval:org.opensuse.security:def:53188

Revision Date:	2020-12-01	Version:	1
Title:	Security update for openssh (Moderate)
Description:	This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure (bsc#1091396) - added pam_keyinit to pam configuration file (bsc#1081947)
Family:	unix	Class:	patch
Status:		Reference(s):	1005522 1005523 1005524 1005525 1005526 1005527 1005528 1007501 1007766 1037559 1081947 1091396 1105010 1106163 1132501 800024 920870 954980 962075 964336 988651 CVE-2009-0696 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2009-4022 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-2242 CVE-2010-3069 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-0523 CVE-2011-0524 CVE-2011-0719 CVE-2011-1146 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-2511 CVE-2011-2522 CVE-2011-2694 CVE-2011-4313 CVE-2011-4600 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-1667 CVE-2012-2111 CVE-2012-3445 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2012-6150 CVE-2013-0170 CVE-2013-0172 CVE-2013-0211 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-2266 CVE-2013-4124 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-4854 CVE-2013-6436 CVE-2013-6442 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0178 CVE-2014-0179 CVE-2014-0239 CVE-2014-0244 CVE-2014-0591 CVE-2014-1447 CVE-2014-3158 CVE-2014-3493 CVE-2014-3560 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8136 CVE-2014-8143 CVE-2014-8500 CVE-2014-8962 CVE-2014-9028 CVE-2015-0236 CVE-2015-0240 CVE-2015-1349 CVE-2015-2304 CVE-2015-3223 CVE-2015-4620 CVE-2015-5185 CVE-2015-5247 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5313 CVE-2015-5330 CVE-2015-5370 CVE-2015-5477 CVE-2015-5722 CVE-2015-7560 CVE-2015-8000 CVE-2015-8126 CVE-2015-8467 CVE-2015-8543 CVE-2015-8704 CVE-2016-0728 CVE-2016-0771 CVE-2016-1285 CVE-2016-1286 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 CVE-2016-2775 CVE-2016-2776 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2016-6153 CVE-2016-6170 CVE-2016-7032 CVE-2016-7076 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 CVE-2017-8779 CVE-2018-15473 CVE-2018-15919 CVE-2019-10691 SUSE-SU-2015:0667-1 SUSE-SU-2016:0041-1 SUSE-SU-2016:0205-1 SUSE-SU-2016:2887-1 SUSE-SU-2016:2893-1 SUSE-SU-2017:1306-1 SUSE-SU-2018:3686-1 SUSE-SU-2019:0997-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND libXRes1-1.2.0-lp150.1 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information python-ecdsa-0.13.3-lp151.3.3 is installed OR python2-ecdsa-0.13.3-lp151.3.3 is installed OR python3-ecdsa-0.13.3-lp151.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND usbmuxd-1.0.7-5.10 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-24.8.0esr-0.8 is installed OR MozillaFirefox-translations-24.8.0esr-0.8 is installed OR libfreebl3-3.16.4-0.8 is installed OR libfreebl3-32bit-3.16.4-0.8 is installed OR libsoftokn3-3.16.4-0.8 is installed OR libsoftokn3-32bit-3.16.4-0.8 is installed OR mozilla-nspr-4.10.7-0.3 is installed OR mozilla-nspr-32bit-4.10.7-0.3 is installed OR mozilla-nss-3.16.4-0.8 is installed OR mozilla-nss-32bit-3.16.4-0.8 is installed OR mozilla-nss-tools-3.16.4-0.8 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information curl-7.19.7-1.46 is installed OR libcurl4-7.19.7-1.46 is installed OR libcurl4-32bit-7.19.7-1.46 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information libarchive-3.1.2-9 is installed OR libarchive13-3.1.2-9 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libpng15-1.5.22-4 is installed OR libpng15-15-1.5.22-4 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libdcerpc-binding0-4.4.2-29 is installed OR libdcerpc-binding0-32bit-4.4.2-29 is installed OR libdcerpc0-4.4.2-29 is installed OR libdcerpc0-32bit-4.4.2-29 is installed OR libndr-krb5pac0-4.4.2-29 is installed OR libndr-krb5pac0-32bit-4.4.2-29 is installed OR libndr-nbt0-4.4.2-29 is installed OR libndr-nbt0-32bit-4.4.2-29 is installed OR libndr-standard0-4.4.2-29 is installed OR libndr-standard0-32bit-4.4.2-29 is installed OR libndr0-4.4.2-29 is installed OR libndr0-32bit-4.4.2-29 is installed OR libnetapi0-4.4.2-29 is installed OR libnetapi0-32bit-4.4.2-29 is installed OR libsamba-credentials0-4.4.2-29 is installed OR libsamba-credentials0-32bit-4.4.2-29 is installed OR libsamba-errors0-4.4.2-29 is installed OR libsamba-errors0-32bit-4.4.2-29 is installed OR libsamba-hostconfig0-4.4.2-29 is installed OR libsamba-hostconfig0-32bit-4.4.2-29 is installed OR libsamba-passdb0-4.4.2-29 is installed OR libsamba-passdb0-32bit-4.4.2-29 is installed OR libsamba-util0-4.4.2-29 is installed OR libsamba-util0-32bit-4.4.2-29 is installed OR libsamdb0-4.4.2-29 is installed OR libsamdb0-32bit-4.4.2-29 is installed OR libsmbclient0-4.4.2-29 is installed OR libsmbclient0-32bit-4.4.2-29 is installed OR libsmbconf0-4.4.2-29 is installed OR libsmbconf0-32bit-4.4.2-29 is installed OR libsmbldap0-4.4.2-29 is installed OR libsmbldap0-32bit-4.4.2-29 is installed OR libtevent-util0-4.4.2-29 is installed OR libtevent-util0-32bit-4.4.2-29 is installed OR libwbclient0-4.4.2-29 is installed OR libwbclient0-32bit-4.4.2-29 is installed OR samba-4.4.2-29 is installed OR samba-client-4.4.2-29 is installed OR samba-client-32bit-4.4.2-29 is installed OR samba-doc-4.4.2-29 is installed OR samba-libs-4.4.2-29 is installed OR samba-libs-32bit-4.4.2-29 is installed OR samba-winbind-4.4.2-29 is installed OR samba-winbind-32bit-4.4.2-29 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND libgypsy0-0.9-6 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information openssh-7.6p1-9.3 is installed OR openssh-fips-7.6p1-9.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information DirectFB-1.7.1-4 is installed OR lib++dfb-1_7-1-1.7.1-4 is installed OR libdirectfb-1_7-1-1.7.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_85-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_85-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_26-2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND gd-2.1.0-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information python-cryptography-1.3.1-7.13 is installed OR python-pyOpenSSL-16.0.0-4.11 is installed OR python-setuptools-18.0.1-4.8 is installed OR python3-cryptography-1.3.1-7.13 is installed OR python3-pyOpenSSL-16.0.0-4.11 is installed OR python3-setuptools-18.0.1-4.8 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-12-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-12-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_114-92_64-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_18-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND apache2-mod_perl-2.0.8-11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libssh2-1-1.4.3-20.9 is installed OR libssh2-1-32bit-1.4.3-20.9 is installed OR libssh2_org-1.4.3-20.9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information MozillaFirefox-60.8.0-109.83 is installed OR MozillaFirefox-translations-common-60.8.0-109.83 is installed OR libfreebl3-3.44.1-58.28 is installed OR libfreebl3-32bit-3.44.1-58.28 is installed OR libfreebl3-hmac-3.44.1-58.28 is installed OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed OR libsoftokn3-3.44.1-58.28 is installed OR libsoftokn3-32bit-3.44.1-58.28 is installed OR libsoftokn3-hmac-3.44.1-58.28 is installed OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed OR mozilla-nss-3.44.1-58.28 is installed OR mozilla-nss-32bit-3.44.1-58.28 is installed OR mozilla-nss-certs-3.44.1-58.28 is installed OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed OR mozilla-nss-tools-3.44.1-58.28 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libdcerpc-binding0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libdcerpc-binding0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libdcerpc0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libdcerpc0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-krb5pac0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-krb5pac0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-nbt0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-nbt0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-standard0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr-standard0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libndr0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libnetapi0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libnetapi0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-credentials0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-credentials0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-errors0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-errors0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-hostconfig0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-hostconfig0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-passdb0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-passdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-util0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamba-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamdb0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsamdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbclient0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbconf0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbconf0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbldap0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libsmbldap0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libtevent-util0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libtevent-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libwbclient0-4.6.14+git.157.c2d53c2b191-3.29 is installed OR libwbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-client-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-client-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-doc-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-libs-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-libs-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-winbind-4.6.14+git.157.c2d53c2b191-3.29 is installed OR samba-winbind-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information bluez-5.13-5.4 is installed OR libbluetooth3-5.13-5.4 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-activerecord-4_2-4.2.2-5 is installed
Definition Synopsis
SUSE OpenStack Cloud 6-LTSS is installed AND Package Information containerd-1.2.2-16.14 is installed OR docker-18.09.1_ce-98.34 is installed OR docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16 is installed OR docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information git-2.12.3-27.17 is installed OR git-core-2.12.3-27.17 is installed OR git-doc-2.12.3-27.17 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information pdns-4.1.2-3.3 is installed OR pdns-backend-mysql-4.1.2-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND python-SQLAlchemy-1.2.10-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8 is installed OR rubygem-rails-html-sanitizer-1.0.3-8.8 is installed

BACK