SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3540-1
Rating:             important
References:         #1016370 #1065000 #1076957 #1105010 #1105180 
                    #1106163 #1106726 
Cross-References:   CVE-2016-10012 CVE-2016-10708 CVE-2017-15906
                    CVE-2018-15473 CVE-2018-15919
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has two fixes
   is now available.

Description:

   This update for openssh fixes the following issues:

   Security issues fixed:

   - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH
     could be used by remote attackers to detect existence of users on a
     target system when GSS2 is in use. OpenSSH developers do not want to
     treat such a username enumeration (or "oracle") as a
 vulnerability.
     (bsc#1106163)
   - CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH
     did not properly prevent write operations in readonly mode, which
     allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726)
   - CVE-2016-10708: sshd allowed remote attackers to cause a denial of
     service (NULL pointer dereference and daemon crash) via an
     out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related
     to kex.c and packet.c.  (bsc#1076957)
   - CVE-2018-15473: OpenSSH was prone to a user existance oracle
     vulnerability due to not delaying bailout for an invalid authenticating
     user until after the packet containing the request has been fully
     parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
     (bsc#1105010)
   - CVE-2016-10012: Removed pre-auth compression support from the server to
     prevent possible cryptographic attacks.  (bsc#1016370)

   Bugs fixed:

   - Fixed failing "AuthorizedKeysCommand" within a "Match
 User" block in
     sshd_config (bsc#1105180)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
 methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-openssh-13848=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-openssh-13848=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-openssh-13848=1



Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      openssh-6.2p2-0.41.5.1
      openssh-askpass-6.2p2-0.41.5.1
      openssh-askpass-gnome-6.2p2-0.41.5.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      openssh-6.2p2-0.41.5.1
      openssh-askpass-6.2p2-0.41.5.1
      openssh-askpass-gnome-6.2p2-0.41.5.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      openssh-askpass-gnome-debuginfo-6.2p2-0.41.5.1
      openssh-debuginfo-6.2p2-0.41.5.1
      openssh-debugsource-6.2p2-0.41.5.1


References:

   https://www.suse.com/security/cve/CVE-2016-10012.html
   https://www.suse.com/security/cve/CVE-2016-10708.html
   https://www.suse.com/security/cve/CVE-2017-15906.html
   https://www.suse.com/security/cve/CVE-2018-15473.html
   https://www.suse.com/security/cve/CVE-2018-15919.html
   https://bugzilla.suse.com/1016370
   https://bugzilla.suse.com/1065000
   https://bugzilla.suse.com/1076957
   https://bugzilla.suse.com/1105010
   https://bugzilla.suse.com/1105180
   https://bugzilla.suse.com/1106163
   https://bugzilla.suse.com/1106726

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates