Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for openssh (Moderate) |
Description: |
This update for openssh fixes several issues.
These security issues were fixed:
- CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480).
- CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might have allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370).
- CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c allowed remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket (bsc#1016366).
- CVE-2016-10010: When forwarding unix domain sockets with privilege separation disabled, the resulting sockets were created as 'root' instead of the authenticated user. Forwarding unix domain sockets without privilege separation enabled is now rejected.
- CVE-2016-10011: authfile.c in sshd did not properly consider the effects of realloc on buffer contents, which might have allowed local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process (bsc#1016369).
These non-security issues were fixed:
- Adjusted suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)
- Properly verify CIDR masks in configuration (bsc#1005893)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1005480 1005893 1006221 1010399 1010405 1010406 1010408 1010409 1010421 1010423 1010424 1010425 1010426 1014702 1015169 1016366 1016368 1016369 1016370 1016779 1017081 1017084 1018128 1020491 1020589 1020928 1021129 1021195 1021481 1022541 1023004 1023053 1023073 1023907 1024972 1025108 1026583 1030263 1032114 1032120 1036453 1043008 1047002 1047281 1052829 1056865 1068689 1074235 1085449 1088004 1088009 1092611 1093311 1105437 1105459 1105460 1107832 1110233 1120374 1130840 1137990 1141853 1149429 1149496 1149955 1153238 1154162 1154738 1159856 1159858 1159860 1160250 1160251 1160937 1162423 1163019 1168140 1168142 1169392 1173274 1174091 1174543 1174701 1176579 959933 977027 983922 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-10220 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-8858 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2016-9601 CVE-2016-9921 CVE-2016-9922 CVE-2017-10790 CVE-2017-16852 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5951 CVE-2017-7207 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7789 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 CVE-2017-8291 CVE-2017-9951 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2018-1417 CVE-2018-14633 CVE-2018-14647 CVE-2018-17182 CVE-2018-20852 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 
CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-2974 CVE-2019-5482 CVE-2019-9947 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-14422 CVE-2020-1472 CVE-2020-8608 SUSE-SU-2017:0264-1 SUSE-SU-2017:0625-1 SUSE-SU-2017:1138-1 SUSE-SU-2017:2589-1 SUSE-SU-2017:3215-1 SUSE-SU-2018:0839-1 SUSE-SU-2018:1764-1 SUSE-SU-2018:2825-2 SUSE-SU-2019:2339-2 SUSE-SU-2020:0050-1 SUSE-SU-2020:0159-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
PackageKit-1.1.10-lp150.2 is installed
OR PackageKit-backend-zypp-1.1.10-lp150.2 is installed
OR PackageKit-gstreamer-plugin-1.1.10-lp150.2 is installed
OR PackageKit-gtk3-module-1.1.10-lp150.2 is installed
OR PackageKit-lang-1.1.10-lp150.2 is installed
OR libpackagekit-glib2-18-1.1.10-lp150.2 is installed
OR typelib-1_0-PackageKitGlib-1_0-1.1.10-lp150.2 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
apache2-mod_php7-7.2.5-lp151.6.3 is installed
OR php7-7.2.5-lp151.6.3 is installed
OR php7-bcmath-7.2.5-lp151.6.3 is installed
OR php7-bz2-7.2.5-lp151.6.3 is installed
OR php7-calendar-7.2.5-lp151.6.3 is installed
OR php7-ctype-7.2.5-lp151.6.3 is installed
OR php7-curl-7.2.5-lp151.6.3 is installed
OR php7-dba-7.2.5-lp151.6.3 is installed
OR php7-devel-7.2.5-lp151.6.3 is installed
OR php7-dom-7.2.5-lp151.6.3 is installed
OR php7-embed-7.2.5-lp151.6.3 is installed
OR php7-enchant-7.2.5-lp151.6.3 is installed
OR php7-exif-7.2.5-lp151.6.3 is installed
OR php7-fastcgi-7.2.5-lp151.6.3 is installed
OR php7-fileinfo-7.2.5-lp151.6.3 is installed
OR php7-firebird-7.2.5-lp151.6.3 is installed
OR php7-fpm-7.2.5-lp151.6.3 is installed
OR php7-ftp-7.2.5-lp151.6.3 is installed
OR php7-gd-7.2.5-lp151.6.3 is installed
OR php7-gettext-7.2.5-lp151.6.3 is installed
OR php7-gmp-7.2.5-lp151.6.3 is installed
OR php7-iconv-7.2.5-lp151.6.3 is installed
OR php7-intl-7.2.5-lp151.6.3 is installed
OR php7-json-7.2.5-lp151.6.3 is installed
OR php7-ldap-7.2.5-lp151.6.3 is installed
OR php7-mbstring-7.2.5-lp151.6.3 is installed
OR php7-mysql-7.2.5-lp151.6.3 is installed
OR php7-odbc-7.2.5-lp151.6.3 is installed
OR php7-opcache-7.2.5-lp151.6.3 is installed
OR php7-openssl-7.2.5-lp151.6.3 is installed
OR php7-pcntl-7.2.5-lp151.6.3 is installed
OR php7-pdo-7.2.5-lp151.6.3 is installed
OR php7-pear-7.2.5-lp151.6.3 is installed
OR php7-pear-Archive_Tar-7.2.5-lp151.6.3 is installed
OR php7-pgsql-7.2.5-lp151.6.3 is installed
OR php7-phar-7.2.5-lp151.6.3 is installed
OR php7-posix-7.2.5-lp151.6.3 is installed
OR php7-readline-7.2.5-lp151.6.3 is installed
OR php7-shmop-7.2.5-lp151.6.3 is installed
OR php7-snmp-7.2.5-lp151.6.3 is installed
OR php7-soap-7.2.5-lp151.6.3 is installed
OR php7-sockets-7.2.5-lp151.6.3 is installed
OR php7-sodium-7.2.5-lp151.6.3 is installed
OR php7-sqlite-7.2.5-lp151.6.3 is installed
OR php7-sysvmsg-7.2.5-lp151.6.3 is installed
OR php7-sysvsem-7.2.5-lp151.6.3 is installed
OR php7-sysvshm-7.2.5-lp151.6.3 is installed
OR php7-testresults-7.2.5-lp151.6.3 is installed
OR php7-tidy-7.2.5-lp151.6.3 is installed
OR php7-tokenizer-7.2.5-lp151.6.3 is installed
OR php7-wddx-7.2.5-lp151.6.3 is installed
OR php7-xmlreader-7.2.5-lp151.6.3 is installed
OR php7-xmlrpc-7.2.5-lp151.6.3 is installed
OR php7-xmlwriter-7.2.5-lp151.6.3 is installed
OR php7-xsl-7.2.5-lp151.6.3 is installed
OR php7-zip-7.2.5-lp151.6.3 is installed
OR php7-zlib-7.2.5-lp151.6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
openssh-7.2p2-66 is installed
OR openssh-askpass-gnome-7.2p2-66 is installed
OR openssh-fips-7.2p2-66 is installed
OR openssh-helpers-7.2p2-66 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
gnutls-3.2.15-18.6 is installed
OR libgnutls-openssl27-3.2.15-18.6 is installed
OR libgnutls28-3.2.15-18.6 is installed
OR libgnutls28-32bit-3.2.15-18.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
MozillaFirefox-68.2.0-109.95 is installed
OR MozillaFirefox-devel-68.2.0-109.95 is installed
OR MozillaFirefox-translations-common-68.2.0-109.95 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Server 12 SP3 is installed
AND
kernel-default-4.4.180-94.100 is installed
OR kernel-default-base-4.4.180-94.100 is installed
OR kernel-default-devel-4.4.180-94.100 is installed
OR kernel-default-man-4.4.180-94.100 is installed
OR kernel-devel-4.4.180-94.100 is installed
OR kernel-macros-4.4.180-94.100 is installed
OR kernel-source-4.4.180-94.100 is installed
OR kernel-syms-4.4.180-94.100 is installed
OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed
OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
OR Package Information
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND
kernel-default-4.4.180-94.100 is installed
OR kernel-default-base-4.4.180-94.100 is installed
OR kernel-default-devel-4.4.180-94.100 is installed
OR kernel-default-man-4.4.180-94.100 is installed
OR kernel-devel-4.4.180-94.100 is installed
OR kernel-macros-4.4.180-94.100 is installed
OR kernel-source-4.4.180-94.100 is installed
OR kernel-syms-4.4.180-94.100 is installed
OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed
OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND kdump-0.8.16-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
freeradius-server-3.0.15-2.14 is installed
OR freeradius-server-doc-3.0.15-2.14 is installed
OR freeradius-server-krb5-3.0.15-2.14 is installed
OR freeradius-server-ldap-3.0.15-2.14 is installed
OR freeradius-server-libs-3.0.15-2.14 is installed
OR freeradius-server-mysql-3.0.15-2.14 is installed
OR freeradius-server-perl-3.0.15-2.14 is installed
OR freeradius-server-postgresql-3.0.15-2.14 is installed
OR freeradius-server-python-3.0.15-2.14 is installed
OR freeradius-server-sqlite-3.0.15-2.14 is installed
OR freeradius-server-utils-3.0.15-2.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
ceph-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR ceph-common-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR libcephfs2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR librados2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR libradosstriper1-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR librbd1-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR librgw2-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR python-cephfs-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR python-rados-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR python-rbd-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
OR python-rgw-12.2.13+git.1592168685.85110a3e9d-2.50 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_156-94_57-default-7-2 is installed
OR kgraft-patch-SLE12-SP3_Update_18-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
xen-4.9.2_10-3.41 is installed
OR xen-doc-html-4.9.2_10-3.41 is installed
OR xen-libs-4.9.2_10-3.41 is installed
OR xen-libs-32bit-4.9.2_10-3.41 is installed
OR xen-tools-4.9.2_10-3.41 is installed
OR xen-tools-domU-4.9.2_10-3.41 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
lcms2-2.7-9.7 is installed
OR liblcms2-2-2.7-9.7 is installed
OR liblcms2-2-32bit-2.7-9.7 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
libpcap-1.8.1-10.3 is installed
OR libpcap1-1.8.1-10.3 is installed
OR tcpdump-4.9.2-14.14 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 9 is installed
AND Package Information
ardana-db-9.0+git.1572311426.a6dc2fd-3.13 is installed
OR ardana-keystone-9.0+git.1573069087.15ffd1c-3.13 is installed
OR ardana-neutron-9.0+git.1572019823.6650494-3.16 is installed
OR ardana-nova-9.0+git.1572618171.4460843-3.13 is installed
OR openstack-barbican-7.0.1~dev21-3.3 is installed
OR openstack-barbican-api-7.0.1~dev21-3.3 is installed
OR openstack-barbican-keystone-listener-7.0.1~dev21-3.3 is installed
OR openstack-barbican-retry-7.0.1~dev21-3.3 is installed
OR openstack-barbican-worker-7.0.1~dev21-3.3 is installed
OR openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3 is installed
OR openstack-keystone-14.1.1~dev28-3.16 is installed
OR openstack-neutron-13.0.6~dev8-3.16 is installed
OR openstack-neutron-dhcp-agent-13.0.6~dev8-3.16 is installed
OR openstack-neutron-gbp-5.0.1~dev476-3.13 is installed
OR openstack-neutron-ha-tool-13.0.6~dev8-3.16 is installed
OR openstack-neutron-l3-agent-13.0.6~dev8-3.16 is installed
OR openstack-neutron-lbaas-13.0.1~dev16-3.13 is installed
OR openstack-neutron-lbaas-agent-13.0.1~dev16-3.13 is installed
OR openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16 is installed
OR openstack-neutron-macvtap-agent-13.0.6~dev8-3.16 is installed
OR openstack-neutron-metadata-agent-13.0.6~dev8-3.16 is installed
OR openstack-neutron-metering-agent-13.0.6~dev8-3.16 is installed
OR openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16 is installed
OR openstack-neutron-server-13.0.6~dev8-3.16 is installed
OR openstack-nova-18.2.4~dev22-3.16 is installed
OR openstack-nova-api-18.2.4~dev22-3.16 is installed
OR openstack-nova-cells-18.2.4~dev22-3.16 is installed
OR openstack-nova-compute-18.2.4~dev22-3.16 is installed
OR openstack-nova-conductor-18.2.4~dev22-3.16 is installed
OR openstack-nova-console-18.2.4~dev22-3.16 is installed
OR openstack-nova-novncproxy-18.2.4~dev22-3.16 is installed
OR openstack-nova-placement-api-18.2.4~dev22-3.16 is installed
OR openstack-nova-scheduler-18.2.4~dev22-3.16 is installed
OR openstack-nova-serialproxy-18.2.4~dev22-3.16 is installed
OR openstack-nova-vncproxy-18.2.4~dev22-3.16 is installed
OR openstack-octavia-3.2.1~dev3-3.16 is installed
OR openstack-octavia-amphora-agent-3.2.1~dev3-3.16 is installed
OR openstack-octavia-api-3.2.1~dev3-3.16 is installed
OR openstack-octavia-health-manager-3.2.1~dev3-3.16 is installed
OR openstack-octavia-housekeeping-3.2.1~dev3-3.16 is installed
OR openstack-octavia-worker-3.2.1~dev3-3.16 is installed
OR openstack-sahara-9.0.2~dev14-3.6 is installed
OR openstack-sahara-api-9.0.2~dev14-3.6 is installed
OR openstack-sahara-engine-9.0.2~dev14-3.6 is installed
OR python-barbican-7.0.1~dev21-3.3 is installed
OR python-keystone-14.1.1~dev28-3.16 is installed
OR python-neutron-13.0.6~dev8-3.16 is installed
OR python-neutron-gbp-5.0.1~dev476-3.13 is installed
OR python-neutron-lbaas-13.0.1~dev16-3.13 is installed
OR python-nova-18.2.4~dev22-3.16 is installed
OR python-octavia-3.2.1~dev3-3.16 is installed
OR python-psutil-5.4.6-3.3 is installed
OR python-sahara-9.0.2~dev14-3.6 is installed
OR release-notes-suse-openstack-cloud-9.20191025-3.15 is installed
OR venv-openstack-barbican-7.0.1~dev21-3.13 is installed
OR venv-openstack-barbican-x86_64-7.0.1~dev21-3.13 is installed
OR venv-openstack-cinder-13.0.8~dev8-3.13 is installed
OR venv-openstack-cinder-x86_64-13.0.8~dev8-3.13 is installed
OR venv-openstack-designate-7.0.1~dev22-3.13 is installed
OR venv-openstack-designate-x86_64-7.0.1~dev22-3.13 is installed
OR venv-openstack-heat-11.0.3~dev23-3.13 is installed
OR venv-openstack-heat-x86_64-11.0.3~dev23-3.13 is installed
OR venv-openstack-keystone-14.1.1~dev28-3.13 is installed
OR venv-openstack-keystone-x86_64-14.1.1~dev28-3.13 is installed
OR venv-openstack-magnum-7.1.1~dev28-4.13 is installed
OR venv-openstack-magnum-x86_64-7.1.1~dev28-4.13 is installed
OR venv-openstack-manila-7.3.1~dev15-3.13 is installed
OR venv-openstack-manila-x86_64-7.3.1~dev15-3.13 is installed
OR venv-openstack-monasca-ceilometer-1.8.2~dev3-3.13 is installed
OR venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.13 is installed
OR venv-openstack-neutron-13.0.6~dev8-6.13 is installed
OR venv-openstack-neutron-x86_64-13.0.6~dev8-6.13 is installed
OR venv-openstack-nova-18.2.4~dev22-3.13 is installed
OR venv-openstack-nova-x86_64-18.2.4~dev22-3.13 is installed
OR venv-openstack-octavia-3.2.1~dev3-4.13 is installed
OR venv-openstack-octavia-x86_64-3.2.1~dev3-4.13 is installed
OR venv-openstack-sahara-9.0.2~dev14-3.13 is installed
OR venv-openstack-sahara-x86_64-9.0.2~dev14-3.13 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
xen-4.9.4_06-3.59 is installed
OR xen-doc-html-4.9.4_06-3.59 is installed
OR xen-libs-4.9.4_06-3.59 is installed
OR xen-libs-32bit-4.9.4_06-3.59 is installed
OR xen-tools-4.9.4_06-3.59 is installed
OR xen-tools-domU-4.9.4_06-3.59 is installed
|