Oval Definition:	oval:org.opensuse.security:def:55586
Revision Date: 2020-12-01 Version: 1 Title: Security update for openssh (Moderate) Description: openssh was updated to fix several security issues. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. (bsc#943010) * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (bsc#943006) Also use %restart_on_update in the trigger script. Family: unix Class: patch Status: Reference(s): 1000677 1001912 1004499 1005878 1019334 1021641 1022085 1022271 1024218 1055047 1056336 1061075 1061081 1061086 1063123 1068187 1068191 1081557 1109893 1110542 1111319 1112911 1113296 1117951 1120629 1120630 1120631 1127155 1129180 1131823 1131863 1131945 1134156 1134226 1137977 1140359 1146882 1146884 840510 844175 868603 903649 928193 932483 936695 938746 943006 943010 949160 951734 951735 956018 956021 956260 957105 957106 957107 957109 957110 960319 978061 CVE-2011-1946 CVE-2011-3602 CVE-2013-4351 CVE-2013-4402 CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1501 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2015-1819 CVE-2015-4000 CVE-2015-5312 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7555 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2016-2108 CVE-2016-2183 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-7056 CVE-2016-8610 CVE-2017-13672 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597 CVE-2017-18190 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3731 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 SUSE-SU-2015:1544-1 SUSE-SU-2016:0030-1 SUSE-SU-2016:0202-1 SUSE-SU-2016:1260-1 SUSE-SU-2017:0460-1 SUSE-SU-2017:0461-1 SUSE-SU-2017:3236-1 SUSE-SU-2018:0604-1 SUSE-SU-2019:0512-1 SUSE-SU-2019:1038-1 SUSE-SU-2019:1972-1 SUSE-SU-2019:2478-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information NetworkManager-1.10.6-lp150.3 is installed OR NetworkManager-lang-1.10.6-lp150.3 is installed OR libnm-glib-vpn1-1.10.6-lp150.3 is installed OR libnm-glib4-1.10.6-lp150.3 is installed OR libnm-util2-1.10.6-lp150.3 is installed OR libnm0-1.10.6-lp150.3 is installed OR typelib-1_0-NM-1_0-1.10.6-lp150.3 is installed OR typelib-1_0-NMClient-1_0-1.10.6-lp150.3 is installed OR typelib-1_0-NetworkManager-1_0-1.10.6-lp150.3 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information aubio-0.4.6-lp151.6.3 is installed OR aubio-tools-0.4.6-lp151.6.3 is installed OR libaubio-devel-0.4.6-lp151.6.3 is installed OR libaubio5-0.4.6-lp151.6.3 is installed OR libaubio5-32bit-0.4.6-lp151.6.3 is installed OR python-aubio-0.4.6-lp151.6.3 is installed OR python2-aubio-0.4.6-lp151.6.3 is installed OR python3-aubio-0.4.6-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information gpg2-2.0.9-25.33.37 is installed OR gpg2-lang-2.0.9-25.33.37 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-24.4.0esr-0.8 is installed OR MozillaFirefox-branding-SLED-24-0.7 is installed OR MozillaFirefox-translations-24.4.0esr-0.8 is installed OR mozilla-nspr-4.10.4-0.3 is installed OR mozilla-nspr-32bit-4.10.4-0.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information libxml2-2.7.6-0.34 is installed OR libxml2-32bit-2.7.6-0.34 is installed OR libxml2-python-2.7.6-0.34 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information openssh-6.6p1-29 is installed OR openssh-askpass-gnome-6.6p1-29 is installed OR openssh-helpers-6.6p1-29 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libwireshark9-2.4.14-48.45 is installed OR libwiretap7-2.4.14-48.45 is installed OR libwscodecs1-2.4.14-48.45 is installed OR libwsutil8-2.4.14-48.45 is installed OR wireshark-2.4.14-48.45 is installed OR wireshark-gtk-2.4.14-48.45 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libgnomesu-1.0.0-352 is installed OR libgnomesu-lang-1.0.0-352 is installed OR libgnomesu0-1.0.0-352 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information xen-4.5.5_20-22.36 is installed OR xen-doc-html-4.5.5_20-22.36 is installed OR xen-kmp-default-4.5.5_20_k3.12.74_60.64.63-22.36 is installed OR xen-libs-4.5.5_20-22.36 is installed OR xen-libs-32bit-4.5.5_20-22.36 is installed OR xen-tools-4.5.5_20-22.36 is installed OR xen-tools-domU-4.5.5_20-22.36 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information MozillaFirefox-45.4.0esr-81 is installed OR MozillaFirefox-translations-45.4.0esr-81 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information java-1_7_0-openjdk-1.7.0.251-43.35 is installed OR java-1_7_0-openjdk-demo-1.7.0.251-43.35 is installed OR java-1_7_0-openjdk-devel-1.7.0.251-43.35 is installed OR java-1_7_0-openjdk-headless-1.7.0.251-43.35 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_7_0-openjdk-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libidn-tools-1.28-4 is installed OR libidn11-1.28-4 is installed OR libidn11-32bit-1.28-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND ucode-intel-20190618-13.47 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information ghostscript-9.27-23.31 is installed OR ghostscript-x11-9.27-23.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libSoundTouch0-1.7.1-5.6 is installed OR soundtouch-1.7.1-5.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND iputils-s20121221-2 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information cups-1.7.5-20.3 is installed OR cups-client-1.7.5-20.3 is installed OR cups-libs-1.7.5-20.3 is installed OR cups-libs-32bit-1.7.5-20.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information openstack-magnum-3.1.2~a0~dev20-9 is installed OR openstack-magnum-api-3.1.2~a0~dev20-9 is installed OR openstack-magnum-conductor-3.1.2~a0~dev20-9 is installed OR openstack-magnum-doc-3.1.2~a0~dev20-9 is installed OR python-magnum-3.1.2~a0~dev20-9 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND python-urllib3-1.22-5.6 is installed
BACK