727 matches found
OPENSUSE-SU-2019:1985-1 Recommended update for putty
This update for putty fixes the following issues: Update to new upstream release 0.72 boo1144547, boo1144548 Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Fixed a vulnerability in all the SSH client tools PuTTY, Plink, PSFTP and...
Recommended update for putty (moderate)
openSUSE Security Update: Recommended update for putty Announcement ID: openSUSE-SU-2019:1985-1 Rating: moderate References: 1144547 1144548 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that contains security fixes can now be installed. Description: This update for putty fix...
The vulnerability of the gsskrb5_extract_authz_data_from_sec_context_ex function in the gssapi module of the Secret Net Studio security system allows an attacker to cause a service failure.
The vulnerability of the gsskrb5_extract_authz_data_from_sec_context_ex function in the gssapi module of the Secret Net Studio security system is related to the lack of checks for the execution of the memory allocation command. Exploiting this vulnerability could allow a remote attacker to cause service...
Fedora 30 : openssh (2019-0f4190cdb0)
New upstream release with significantly reworked PKCS11 support, GSSAPI key exchange and several fixes for CVE-2019-6111 and CVE-2019-6109 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Authorization Bypass
PostgreSQL is vulnerable to authorization bypass because it did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploi...
Denial Of Service (DoS)
krb5 is vulnerable to denial of service (DoS). The vulnerability is a buffer over-read that occurs when invalid tokens are injected into the GSSAPI application session...
UBUNTU-CVE-2019-10894
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called...
CVE-2017-2659
It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...
Authentication flaw
It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...
CVE-2017-2659
CVE-2017-2659 affects dropbear prior to 2013.59, where GSSAPI authentication failures are incorrectly counted toward the maximum password attempts when an invalid username is supplied. This leaks whether a username is valid or invalid during authentication, exposing a side channel that can aid cr...
openSUSE Security Update : python-paramiko (openSUSE-2019-129)
This update for python-paramiko to version 2.4.2 fixes the following issues: Security issue fixed: - CVE-2018-1000805: Fixed an authentication bypass in authhandler.py bsc1111151 Non-security issue fixed: - Disable experimental gssapi support bsc1115769 This update was imported from the...
Security update for python-paramiko (important)
openSUSE Security Update: Security update for python-paramiko Announcement ID: openSUSE-SU-2019:0129-1 Rating: important References: 1111151 1115769 1121846 Cross-References: CVE-2018-1000805 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has two fixes is now...
SUSE-SU-2019:0174-1 Security update for python-paramiko
This update for python-paramiko to version 2.4.2 fixes the following issues: Security issue fixed: - CVE-2018-1000805: Fixed an authentication bypass in authhandler.py bsc1111151 Non-security issue fixed: - Disable experimental gssapi support bsc1115769...
Privilege Escalation
389-ds-base is vulnerable to privilege escalation attacks. The vulnerability exists as the SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bi...
CVE-2018-15919
OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system. Mitigation: If GSSAPI Authentication...
Fedora 27 : openssh (2017-96d1995b70)
This update provides new upstream release OpenSSH 7.6 with several bug fixes and new features, including CVE-2017-15906, compatibility with WinSCP, improvement for PAM stack, enablement for s390x sandbox, new GSSAPI key exchange methods and improved handling of Kerberos tickets. Note that...