ssh-audit-3.2.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13932 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ssh-audit-3.2.0-1.1 on GA media These are all security issues fixed in the ssh-audit-3.2.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13932 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13932 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2002-20001/ SUSE CVE CVE-2002-20001 page openSUSE Tumbleweed ssh-audit-3.2.0-1.1 ssh-audit-3.2.0-1.1 as a component of openSUSE Tumbleweed The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. CVE-2002-20001 openSUSE Tumbleweed:ssh-audit-3.2.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2002-20001.html CVE-2002-20001 https://bugzilla.suse.com/1192815 SUSE Bug 1192815 https://bugzilla.suse.com/1199367 SUSE Bug 1199367