Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for openssh (Moderate) |
Description: |
This update for openssh fixes several issues.
These security issues were fixed:
- CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480).
- CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might have allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370).
- CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c allowed remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket (bsc#1016366).
- CVE-2016-10010: When forwarding unix domain sockets with privilege separation disabled, the resulting sockets were created as 'root' instead of the authenticated user. Forwarding unix domain sockets without privilege separation enabled is now rejected.
- CVE-2016-10011: authfile.c in sshd did not properly consider the effects of realloc on buffer contents, which might have allowed local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process (bsc#1016369).
These non-security issues were fixed:
- Adjusted suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)
- Properly verify CIDR masks in configuration (bsc#1005893)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1000048 1005480 1005893 1006221 1009254 1016366 1016368 1016369 1016370 1019611 1022103 1038564 1042892 1044878 1048457 1049796 1050083 1050116 1050139 1050632 1050751 1051441 1051847 1052450 1052553 1052689 1052744 1052758 1052764 1054757 1055214 1056432 1057157 1057719 1057729 1057730 1058485 1058637 1059666 1059778 1060176 1060577 1061254 1062750 1066003 1067181 1067184 1067409 1071853 1093536 1094462 1102682 1103203 1105323 1107874 1109845 904625 929718 935158 941500 945582 967012 967013 982017 982018 982019 982222 982223 982285 982959 983961 983982 991080 991466 994760 994771 994774 996441 997858 997859 CVE-2009-3894 CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 CVE-2011-4349 CVE-2013-1762 CVE-2014-0016 CVE-2014-8651 CVE-2014-9087 CVE-2015-0247 CVE-2015-1572 CVE-2015-3644 CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-6908 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-8858 CVE-2017-11188 CVE-2017-11478 CVE-2017-11523 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14138 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14682 CVE-2017-14733 CVE-2017-14989 CVE-2017-15217 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 CVE-2017-5225 CVE-2017-7533 CVE-2017-8890 CVE-2017-9242 CVE-2018-10811 CVE-2018-10902 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 
CVE-2018-5388 CVE-2018-5390 SUSE-SU-2015:1676-2 SUSE-SU-2016:0090-1 SUSE-SU-2016:0303-1 SUSE-SU-2016:2589-1 SUSE-SU-2017:0264-1 SUSE-SU-2017:0453-1 SUSE-SU-2017:2094-1 SUSE-SU-2017:3388-1 SUSE-SU-2019:3266-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
dhcp-4.3.5-lp150.4 is installed
OR dhcp-client-4.3.5-lp150.4 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
cron-4.2-lp151.4.3 is installed
OR cronie-1.5.1-lp151.4.3 is installed
OR cronie-anacron-1.5.1-lp151.4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND wireshark-1.12.7-0.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
kde4-kgreeter-plugins-4.3.5-0.12.20 is installed
OR kdebase4-wallpapers-4.3.5-0.11.20 is installed
OR kdebase4-workspace-4.3.5-0.12.20 is installed
OR kdebase4-workspace-ksysguardd-4.3.5-0.12.20 is installed
OR kdm-4.3.5-0.12.20 is installed
OR kwin-4.3.5-0.12.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
openssh-7.2p2-66 is installed
OR openssh-askpass-gnome-7.2p2-66 is installed
OR openssh-helpers-7.2p2-66 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
ecryptfs-utils-103-5 is installed
OR ecryptfs-utils-32bit-103-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_74-60_64_40-default-3-2 is installed
OR kgraft-patch-3_12_74-60_64_40-xen-3-2 is installed
OR kgraft-patch-SLE12-SP1_Update_15-3-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
colord-gtk-lang-0.1.26-6 is installed
OR libcolord-gtk1-0.1.26-6 is installed
OR libcolord2-1.3.3-10 is installed
OR libcolord2-32bit-1.3.3-10 is installed
OR libcolorhug2-1.3.3-10 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
gpg2-2.0.24-9.3 is installed
OR gpg2-lang-2.0.24-9.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
xen-4.7.5_04-43.33 is installed
OR xen-doc-html-4.7.5_04-43.33 is installed
OR xen-libs-4.7.5_04-43.33 is installed
OR xen-libs-32bit-4.7.5_04-43.33 is installed
OR xen-tools-4.7.5_04-43.33 is installed
OR xen-tools-domU-4.7.5_04-43.33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_120-92_70-default-5-2 is installed
OR kgraft-patch-SLE12-SP2_Update_20-5-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND libcares2-1.9.1-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
openslp-2.0.0-18.15 is installed
OR openslp-32bit-2.0.0-18.15 is installed
OR openslp-server-2.0.0-18.15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
libneon27-0.30.0-3 is installed
OR libneon27-32bit-0.30.0-3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND ucode-intel-20180425-13.20 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed
OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed
OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
MozillaFirefox-68.4.1-109.101 is installed
OR MozillaFirefox-translations-common-68.4.1-109.101 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND python-SQLAlchemy-1.2.10-3.3 is installed
|