openssh-7.2p2-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10174 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z openssh-7.2p2-3.1 on GA media These are all security issues fixed in the openssh-7.2p2-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10174 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10174 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2015-8325/ SUSE CVE CVE-2015-8325 page https://www.suse.com/security/cve/CVE-2016-0777/ SUSE CVE CVE-2016-0777 page https://www.suse.com/security/cve/CVE-2016-0778/ SUSE CVE CVE-2016-0778 page https://www.suse.com/security/cve/CVE-2016-6210/ SUSE CVE CVE-2016-6210 page https://www.suse.com/security/cve/CVE-2016-6515/ SUSE CVE CVE-2016-6515 page openSUSE Tumbleweed openssh-7.2p2-3.1 openssh-cavs-7.2p2-3.1 openssh-fips-7.2p2-3.1 openssh-helpers-7.2p2-3.1 openssh-7.2p2-3.1 as a component of openSUSE Tumbleweed openssh-cavs-7.2p2-3.1 as a component of openSUSE Tumbleweed openssh-fips-7.2p2-3.1 as a component of openSUSE Tumbleweed openssh-helpers-7.2p2-3.1 as a component of openSUSE Tumbleweed The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. CVE-2015-8325 openSUSE Tumbleweed:openssh-7.2p2-3.1 openSUSE Tumbleweed:openssh-cavs-7.2p2-3.1 openSUSE Tumbleweed:openssh-fips-7.2p2-3.1 openSUSE Tumbleweed:openssh-helpers-7.2p2-3.1 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8325.html CVE-2015-8325 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/975865 SUSE Bug 975865 https://bugzilla.suse.com/996040 SUSE Bug 996040 The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. CVE-2016-0777 openSUSE Tumbleweed:openssh-7.2p2-3.1 openSUSE Tumbleweed:openssh-cavs-7.2p2-3.1 openSUSE Tumbleweed:openssh-fips-7.2p2-3.1 openSUSE Tumbleweed:openssh-helpers-7.2p2-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0777.html CVE-2016-0777 https://bugzilla.suse.com/961642 SUSE Bug 961642 https://bugzilla.suse.com/996040 SUSE Bug 996040 The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. CVE-2016-0778 openSUSE Tumbleweed:openssh-7.2p2-3.1 openSUSE Tumbleweed:openssh-cavs-7.2p2-3.1 openSUSE Tumbleweed:openssh-fips-7.2p2-3.1 openSUSE Tumbleweed:openssh-helpers-7.2p2-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0778.html CVE-2016-0778 https://bugzilla.suse.com/961645 SUSE Bug 961645 https://bugzilla.suse.com/996040 SUSE Bug 996040 sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. CVE-2016-6210 openSUSE Tumbleweed:openssh-7.2p2-3.1 openSUSE Tumbleweed:openssh-cavs-7.2p2-3.1 openSUSE Tumbleweed:openssh-fips-7.2p2-3.1 openSUSE Tumbleweed:openssh-helpers-7.2p2-3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6210.html CVE-2016-6210 https://bugzilla.suse.com/1001712 SUSE Bug 1001712 https://bugzilla.suse.com/1010950 SUSE Bug 1010950 https://bugzilla.suse.com/1105010 SUSE Bug 1105010 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/989363 SUSE Bug 989363 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. CVE-2016-6515 openSUSE Tumbleweed:openssh-7.2p2-3.1 openSUSE Tumbleweed:openssh-cavs-7.2p2-3.1 openSUSE Tumbleweed:openssh-fips-7.2p2-3.1 openSUSE Tumbleweed:openssh-helpers-7.2p2-3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6515.html CVE-2016-6515 https://bugzilla.suse.com/1010950 SUSE Bug 1010950 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/992533 SUSE Bug 992533