139 matches found
SUSE-SU-2019:0496-1 Security update for openssh
This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816 -...
SUSE-SU-2019:0132-1 Security update for openssh
This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions bsc1121571 - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to...
SUSE-SU-2019:13931-1 Security update for openssh
This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions bsc1121571 - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to...
SUSE-SU-2019:0126-1 Security update for openssh
This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions bsc1121571 - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to...
SUSE-SU-2019:0125-1 Security update for openssh
This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions bsc1121571 - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to...
SUSE-SU-2018:3910-1 Security update for openssh
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully...
SUSE-SU-2018:3776-1 Security update for openssh
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...
SUSE-SU-2018:3686-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration ...
SUSE-SU-2018:3540-1 Security update for openssh
This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such ...
SUSE-SU-2018:2530-2 Security update for openssh
This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message bsc1076957...
MGASA-2018-0363 Updated openssh packages fix security vulnerability
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c CVE-2018-15473...
SUSE-SU-2018:2275-1 Security update for openssh
This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away bsc1016370. - CVE-2016-10708: Fix remote denial of service NULL pointer dereference and daemon crash via an out-of-sequence NEWKEYSmessage...
SUSE-SU-2017:0607-2 Security update for openssh
This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of host private keys to...
SUSE-SU-2017:0607-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of host private keys to...
SUSE-SU-2017:0607-3 Security update for openssh
This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of host private keys to...
SUSE-SU-2017:0606-1 Security update for openssh
This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of...
SUSE-SU-2017:0603-1 Security update for openssh
This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-8858: prevent resource depletion during key exchange bsc1005480 - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation bsc1016366 - CVE-2016-10011: Prevent possible leaks of...
SUSE-SU-2017:0264-1 Security update for openssh
This update for openssh fixes several issues. These security issues were fixed: - CVE-2016-8858: The kexinputkexinit function in kex.c allowed remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests bsc1005480. - CVE-2016-10012: The shared memor...
CVE-2016-8858
The kexinputkexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."...
SUSE-SU-2016:2388-1 Security update for openssh
This update for OpenSSH fixes the following issues: - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc970632...