Oval Definition:oval:org.opensuse.security:def:55721
Revision Date:2020-12-01Version:1
Title:Security update for openssh (Critical)
Description:



This update for openssh fixes the following issues:

- CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645)

This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server.
Family:unixClass:patch
Status:Reference(s):1000394
1000399
1000434
1000436
1000686
1000688
1000689
1000690
1000691
1000692
1000693
1000694
1000695
1000696
1000697
1000698
1000699
1000700
1000701
1000702
1000703
1000704
1000706
1000707
1000708
1000709
1000711
1000712
1000713
1000714
1000715
1001066
1001221
1002206
1002209
1002421
1002422
1003629
1005123
1005125
1005127
1005328
1026236
1027519
1055962
1063671
1064392
1066471
1066472
1069468
1076500
1079869
1083625
1092885
1097108
1099306
1119161
1120067
1120470
1120502
1120503
1120504
1120584
1120589
1123157
1126140
1126141
1126192
1126195
1126196
1126197
1126198
1126201
1126325
1127400
1127620
1129623
1133925
1140277
1150003
1150247
1150250
1158809
807449
923945
928292
932894
961642
961645
967082
968849
984906
987887
988311
993302
993313
CVE-2008-1686
CVE-2013-1769
CVE-2013-1981
CVE-2013-1997
CVE-2013-2004
CVE-2014-9638
CVE-2014-9639
CVE-2014-9640
CVE-2014-9709
CVE-2014-9907
CVE-2015-6749
CVE-2015-8853
CVE-2015-8957
CVE-2015-8958
CVE-2015-8959
CVE-2016-0777
CVE-2016-0778
CVE-2016-1238
CVE-2016-2098
CVE-2016-2381
CVE-2016-6185
CVE-2016-6316
CVE-2016-6317
CVE-2016-6823
CVE-2016-7101
CVE-2016-7513
CVE-2016-7514
CVE-2016-7515
CVE-2016-7516
CVE-2016-7517
CVE-2016-7518
CVE-2016-7519
CVE-2016-7520
CVE-2016-7521
CVE-2016-7522
CVE-2016-7523
CVE-2016-7524
CVE-2016-7525
CVE-2016-7526
CVE-2016-7527
CVE-2016-7528
CVE-2016-7529
CVE-2016-7530
CVE-2016-7531
CVE-2016-7532
CVE-2016-7533
CVE-2016-7534
CVE-2016-7535
CVE-2016-7537
CVE-2016-7538
CVE-2016-7539
CVE-2016-7540
CVE-2016-7799
CVE-2016-7800
CVE-2016-7996
CVE-2016-7997
CVE-2016-8677
CVE-2016-8682
CVE-2016-8683
CVE-2016-8684
CVE-2017-13080
CVE-2017-15649
CVE-2017-5715
CVE-2018-1064
CVE-2018-10853
CVE-2018-20544
CVE-2018-20545
CVE-2018-20546
CVE-2018-20547
CVE-2018-20548
CVE-2018-20549
CVE-2018-3639
CVE-2018-3646
CVE-2018-5748
CVE-2019-1547
CVE-2019-1549
CVE-2019-1551
CVE-2019-1563
CVE-2019-6778
CVE-2019-9824
SUSE-SU-2015:0835-1
SUSE-SU-2016:0118-1
SUSE-SU-2016:0119-1
SUSE-SU-2016:2263-1
SUSE-SU-2016:2667-1
SUSE-SU-2017:2716-1
SUSE-SU-2017:3147-1
SUSE-SU-2018:2082-1
SUSE-SU-2018:2359-1
SUSE-SU-2018:2363-1
SUSE-SU-2019:0891-1
SUSE-SU-2019:2745-1
SUSE-SU-2020:0099-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaFirefox-60.0-lp150.2 is installed
  • OR MozillaFirefox-translations-common-60.0-lp150.2 is installed
  • OR MozillaFirefox-translations-other-60.0-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • exempi-2.4.5-lp151.3.3 is installed
  • OR exempi-tools-2.4.5-lp151.3.3 is installed
  • OR libexempi-devel-2.4.5-lp151.3.3 is installed
  • OR libexempi3-2.4.5-lp151.3.3 is installed
  • OR libexempi3-32bit-2.4.5-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND telepathy-gabble-0.7.10-2.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND gd-2.0.36.RC1-52.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • openssh-6.6p1-33 is installed
  • OR openssh-askpass-gnome-6.6p1-33 is installed
  • OR openssh-helpers-6.6p1-33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • perl-5.18.2-11 is installed
  • OR perl-32bit-5.18.2-11 is installed
  • OR perl-base-5.18.2-11 is installed
  • OR perl-doc-5.18.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libcaca-0.99.beta18-14.3 is installed
  • OR libcaca0-0.99.beta18-14.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libX11-6-1.6.2-4 is installed
  • OR libX11-6-32bit-1.6.2-4 is installed
  • OR libX11-data-1.6.2-4 is installed
  • OR libX11-xcb1-1.6.2-4 is installed
  • OR libX11-xcb1-32bit-1.6.2-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_67-60_64_24-default-10-2 is installed
  • OR kgraft-patch-3_12_67-60_64_24-xen-10-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_11-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • file-5.19-9 is installed
  • OR file-magic-5.19-9 is installed
  • OR libmagic1-5.19-9 is installed
  • OR libmagic1-32bit-5.19-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • xen-4.7.6_02-43.36 is installed
  • OR xen-doc-html-4.7.6_02-43.36 is installed
  • OR xen-libs-4.7.6_02-43.36 is installed
  • OR xen-libs-32bit-4.7.6_02-43.36 is installed
  • OR xen-tools-4.7.6_02-43.36 is installed
  • OR xen-tools-domU-4.7.6_02-43.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • qemu-2.6.2-41.52 is installed
  • OR qemu-block-curl-2.6.2-41.52 is installed
  • OR qemu-block-rbd-2.6.2-41.52 is installed
  • OR qemu-block-ssh-2.6.2-41.52 is installed
  • OR qemu-guest-agent-2.6.2-41.52 is installed
  • OR qemu-ipxe-1.0.0-41.52 is installed
  • OR qemu-kvm-2.6.2-41.52 is installed
  • OR qemu-lang-2.6.2-41.52 is installed
  • OR qemu-seabios-1.9.1-41.52 is installed
  • OR qemu-sgabios-8-41.52 is installed
  • OR qemu-tools-2.6.2-41.52 is installed
  • OR qemu-vgabios-1.9.1-41.52 is installed
  • OR qemu-x86-2.6.2-41.52 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • openslp-2.0.0-18.15 is installed
  • OR openslp-32bit-2.0.0-18.15 is installed
  • OR openslp-server-2.0.0-18.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND rpcbind-0.2.3-23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.1-2.50 is installed
  • OR libwebkit2gtk-4_0-37-2.28.1-2.50 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50 is installed
  • OR typelib-1_0-WebKit2-4_0-2.28.1-2.50 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.1-2.50 is installed
  • OR webkit2gtk3-2.28.1-2.50 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libpolkit0-0.113-5.18 is installed
  • OR polkit-0.113-5.18 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • qemu-2.9.1-6.44 is installed
  • OR qemu-arm-2.9.1-6.44 is installed
  • OR qemu-block-curl-2.9.1-6.44 is installed
  • OR qemu-block-iscsi-2.9.1-6.44 is installed
  • OR qemu-block-rbd-2.9.1-6.44 is installed
  • OR qemu-block-ssh-2.9.1-6.44 is installed
  • OR qemu-guest-agent-2.9.1-6.44 is installed
  • OR qemu-ipxe-1.0.0+-6.44 is installed
  • OR qemu-kvm-2.9.1-6.44 is installed
  • OR qemu-lang-2.9.1-6.44 is installed
  • OR qemu-ppc-2.9.1-6.44 is installed
  • OR qemu-s390-2.9.1-6.44 is installed
  • OR qemu-seabios-1.10.2-6.44 is installed
  • OR qemu-sgabios-8-6.44 is installed
  • OR qemu-tools-2.9.1-6.44 is installed
  • OR qemu-vgabios-1.10.2-6.44 is installed
  • OR qemu-x86-2.9.1-6.44 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • apache-commons-beanutils-1.9.2-3.3 is installed
  • OR apache-commons-beanutils-javadoc-1.9.2-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libXcursor1-1.1.14-4.6 is installed
  • OR libXcursor1-32bit-1.1.14-4.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3 is installed
  • OR ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3 is installed
  • OR ruby2.1-rubygem-actionview-4_2-4.2.9-9.3 is installed
  • OR ruby2.1-rubygem-activejob-4_2-4.2.9-3.3 is installed
  • OR ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3 is installed
  • OR ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3 is installed
  • OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3 is installed
  • OR ruby2.1-rubygem-rails-4_2-4.2.9-3.3 is installed
  • OR ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3 is installed
  • OR ruby2.1-rubygem-railties-4_2-4.2.9-3.3 is installed
  • OR rubygem-actionmailer-4_2-4.2.9-3.3 is installed
  • OR rubygem-actionpack-4_2-4.2.9-7.3 is installed
  • OR rubygem-actionview-4_2-4.2.9-9.3 is installed
  • OR rubygem-activejob-4_2-4.2.9-3.3 is installed
  • OR rubygem-activemodel-4_2-4.2.9-6.3 is installed
  • OR rubygem-activerecord-4_2-4.2.9-6.3 is installed
  • OR rubygem-activesupport-4_2-4.2.9-7.3 is installed
  • OR rubygem-rails-4_2-4.2.9-3.3 is installed
  • OR rubygem-rails-html-sanitizer-1.0.3-8.3 is installed
  • OR rubygem-railties-4_2-4.2.9-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed
  • OR openssl-1.0.2j-60.30 is installed
  • OR openssl-doc-1.0.2j-60.30 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ucode-intel-20191112-13.53 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.116 is installed
  • OR kernel-default-base-4.4.180-94.116 is installed
  • OR kernel-default-devel-4.4.180-94.116 is installed
  • OR kernel-default-kgraft-4.4.180-94.116 is installed
  • OR kernel-devel-4.4.180-94.116 is installed
  • OR kernel-macros-4.4.180-94.116 is installed
  • OR kernel-source-4.4.180-94.116 is installed
  • OR kernel-syms-4.4.180-94.116 is installed
  • OR kgraft-patch-4_4_180-94_116-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_31-1-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-urllib3-1.23-3.6 is installed
    • BACK