Oval Definition:oval:org.opensuse.security:def:88614
Revision Date:2018-11-26Version:1
Title:Security update for openssh (Moderate)
Description:

This update for openssh fixes the following issues:

Following security issues have been fixed:

- CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)

The following non-security issues were fixed:

- Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396]

Family:unixClass:patch
Status:Reference(s):1091396
1105010
964336
CVE-2018-15473
SUSE-SU-2018:3910-1
Platform(s):SUSE Linux Enterprise Server 12 SP4
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • openssh-7.2p2-74.30.1 is installed
  • OR openssh-askpass-gnome-7.2p2-74.30.1 is installed
  • OR openssh-fips-7.2p2-74.30.1 is installed
  • OR openssh-helpers-7.2p2-74.30.1 is installed
  • BACK