Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-10012 (GCVE-0-2016-10012)
Vulnerability from cvelistv5 – Published: 2017-01-05 00:00 – Updated: 2024-08-06 03:07
VLAI
EPSS
Summary
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
Date Public
2016-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"name": "94975",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94975"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20171130-0002/"
},
{
"name": "[oss-security] 20161219 Announce: OpenSSH 7.4 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/19/2"
},
{
"name": "1037490",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037490"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us"
},
{
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637"
},
{
"name": "RHSA-2017:2029",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"name": "94975",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/94975"
},
{
"url": "https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"
},
{
"url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10012",
"datePublished": "2017-01-05T00:00:00.000Z",
"dateReserved": "2016-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:31.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-10012",
"date": "2026-05-27",
"epss": "0.00021",
"percentile": "0.06242"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.3\", \"matchCriteriaId\": \"B5D52975-3CB0-4BF7-975F-66EF9BF42A06\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.\"}, {\"lang\": \"es\", \"value\": \"El administrador de memoria compartida (asociado con la compresi\\u00f3n de pre-autenticaci\\u00f3n) en sshd en OpenSSH en versiones anteriores a 7.4 no asegura que una verificaci\\u00f3n de l\\u00edmites sea ejecutada por todos los compiladores, lo que podr\\u00eda permitir a usuarios locales obtener privilegios aprovechando el acceso a un proceso separado de privilegios aislado, relacionado con las estructuras de datos m_zback y m_zlib.\"}]",
"id": "CVE-2016-10012",
"lastModified": "2024-11-21T02:43:05.847",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-01-05T02:59:03.150",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2016/12/19/2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"http://www.securityfocus.com/bid/94975\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1037490\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2029\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171130-0002/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.openssh.com/txt/release-7.4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/12/19/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"http://www.securityfocus.com/bid/94975\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037490\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2029\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171130-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openssh.com/txt/release-7.4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-10012\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-05T02:59:03.150\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.\"},{\"lang\":\"es\",\"value\":\"El administrador de memoria compartida (asociado con la compresi\u00f3n de pre-autenticaci\u00f3n) en sshd en OpenSSH en versiones anteriores a 7.4 no asegura que una verificaci\u00f3n de l\u00edmites sea ejecutada por todos los compiladores, lo que podr\u00eda permitir a usuarios locales obtener privilegios aprovechando el acceso a un proceso separado de privilegios aislado, relacionado con las estructuras de datos m_zback y m_zlib.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.3\",\"matchCriteriaId\":\"B5D52975-3CB0-4BF7-975F-66EF9BF42A06\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2016/12/19/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"http://www.securityfocus.com/bid/94975\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1037490\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2029\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20171130-0002/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.openssh.com/txt/release-7.4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/12/19/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"http://www.securityfocus.com/bid/94975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.647637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20171130-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.f5.com/csp/article/K62201745?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03818en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssh.com/txt/release-7.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2018:2719-1
Vulnerability from csaf_suse - Published: 2018-09-14 14:06 - Updated: 2018-09-14 14:06Summary
Security update for openssh-openssl1
Severity
Important
Notes
Title of the patch: Security update for openssh-openssl1
Description of the patch: This update for openssh-openssl1 fixes the following issues:
These security issues were fixed:
- CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence
NEWKEYS message allowed remote attackers to cause a denial of service
(bsc#1076957).
- CVE-2017-15906: The process_open function did not properly prevent write
operations in readonly mode, which allowed attackers to create zero-length
files (bsc#1065000).
- CVE-2016-10012: The shared memory manager (associated with pre-authentication
compression) did not ensure that a bounds check is enforced by all compilers,
which might have allowed local users to gain privileges by leveraging access to
a sandboxed privilege-separation process, related to the m_zback and m_zlib
data structures (bsc#1016370).
- CVE-2008-1483: Prevent local users from hijacking forwarded X connections by
causing ssh to set DISPLAY to :10, even when another process is listening on
the associated port. This problem was reontroduced by another patch and was
previously fixed by another update (bsc#1069509).
These non-security issues were fixed:
- Remove duplicate KEX method (bsc#1053972)
- New switch for printing diagnostic messages in sftp client's batch mode (bsc#1023275)
- Enable case-insensitive hostname matching (bsc#1017099)
Patchnames: secsp3-openssh-openssl1-13777
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssh-openssl1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssh-openssl1 fixes the following issues:\n\nThese security issues were fixed:\n\n- CVE-2016-10708: Prevent NULL pointer dereference via an out-of-sequence\n NEWKEYS message allowed remote attackers to cause a denial of service\n (bsc#1076957).\n- CVE-2017-15906: The process_open function did not properly prevent write\n operations in readonly mode, which allowed attackers to create zero-length\n files (bsc#1065000).\n- CVE-2016-10012: The shared memory manager (associated with pre-authentication\n compression) did not ensure that a bounds check is enforced by all compilers,\n which might have allowed local users to gain privileges by leveraging access to\n a sandboxed privilege-separation process, related to the m_zback and m_zlib\n data structures (bsc#1016370).\n- CVE-2008-1483: Prevent local users from hijacking forwarded X connections by\n causing ssh to set DISPLAY to :10, even when another process is listening on\n the associated port. This problem was reontroduced by another patch and was\n previously fixed by another update (bsc#1069509).\n\nThese non-security issues were fixed:\n\n- Remove duplicate KEX method (bsc#1053972)\n- New switch for printing diagnostic messages in sftp client\u0027s batch mode (bsc#1023275)\n- Enable case-insensitive hostname matching (bsc#1017099)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "secsp3-openssh-openssl1-13777",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2719-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2719-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182719-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2719-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004564.html"
},
{
"category": "self",
"summary": "SUSE Bug 1016370",
"url": "https://bugzilla.suse.com/1016370"
},
{
"category": "self",
"summary": "SUSE Bug 1017099",
"url": "https://bugzilla.suse.com/1017099"
},
{
"category": "self",
"summary": "SUSE Bug 1023275",
"url": "https://bugzilla.suse.com/1023275"
},
{
"category": "self",
"summary": "SUSE Bug 1053972",
"url": "https://bugzilla.suse.com/1053972"
},
{
"category": "self",
"summary": "SUSE Bug 1065000",
"url": "https://bugzilla.suse.com/1065000"
},
{
"category": "self",
"summary": "SUSE Bug 1069509",
"url": "https://bugzilla.suse.com/1069509"
},
{
"category": "self",
"summary": "SUSE Bug 1076957",
"url": "https://bugzilla.suse.com/1076957"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1483 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10012 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10708 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15906 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15906/"
}
],
"title": "Security update for openssh-openssl1",
"tracking": {
"current_release_date": "2018-09-14T14:06:53Z",
"generator": {
"date": "2018-09-14T14:06:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2719-1",
"initial_release_date": "2018-09-14T14:06:53Z",
"revision_history": [
{
"date": "2018-09-14T14:06:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssh-openssl1-6.6p1-19.3.1.i586",
"product": {
"name": "openssh-openssl1-6.6p1-19.3.1.i586",
"product_id": "openssh-openssl1-6.6p1-19.3.1.i586"
}
},
{
"category": "product_version",
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"product": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"product_id": "openssh-openssl1-helpers-6.6p1-19.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-openssl1-6.6p1-19.3.1.ia64",
"product": {
"name": "openssh-openssl1-6.6p1-19.3.1.ia64",
"product_id": "openssh-openssl1-6.6p1-19.3.1.ia64"
}
},
{
"category": "product_version",
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"product": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"product_id": "openssh-openssl1-helpers-6.6p1-19.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-openssl1-6.6p1-19.3.1.ppc64",
"product": {
"name": "openssh-openssl1-6.6p1-19.3.1.ppc64",
"product_id": "openssh-openssl1-6.6p1-19.3.1.ppc64"
}
},
{
"category": "product_version",
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"product": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"product_id": "openssh-openssl1-helpers-6.6p1-19.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-openssl1-6.6p1-19.3.1.s390x",
"product": {
"name": "openssh-openssl1-6.6p1-19.3.1.s390x",
"product_id": "openssh-openssl1-6.6p1-19.3.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"product": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"product_id": "openssh-openssl1-helpers-6.6p1-19.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-openssl1-6.6p1-19.3.1.x86_64",
"product": {
"name": "openssh-openssl1-6.6p1-19.3.1.x86_64",
"product_id": "openssh-openssl1-6.6p1-19.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.x86_64",
"product": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.x86_64",
"product_id": "openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product": {
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:security"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-6.6p1-19.3.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586"
},
"product_reference": "openssh-openssl1-6.6p1-19.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-6.6p1-19.3.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64"
},
"product_reference": "openssh-openssl1-6.6p1-19.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-6.6p1-19.3.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64"
},
"product_reference": "openssh-openssl1-6.6p1-19.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-6.6p1-19.3.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x"
},
"product_reference": "openssh-openssl1-6.6p1-19.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-6.6p1-19.3.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64"
},
"product_reference": "openssh-openssl1-6.6p1-19.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586"
},
"product_reference": "openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64"
},
"product_reference": "openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64"
},
"product_reference": "openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x"
},
"product_reference": "openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-openssl1-helpers-6.6p1-19.3.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
},
"product_reference": "openssh-openssl1-helpers-6.6p1-19.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1483"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1483",
"url": "https://www.suse.com/security/cve/CVE-2008-1483"
},
{
"category": "external",
"summary": "SUSE Bug 1069509 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/1069509"
},
{
"category": "external",
"summary": "SUSE Bug 373527 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/373527"
},
{
"category": "external",
"summary": "SUSE Bug 585630 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/585630"
},
{
"category": "external",
"summary": "SUSE Bug 647633 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/647633"
},
{
"category": "external",
"summary": "SUSE Bug 706386 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/706386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-14T14:06:53Z",
"details": "important"
}
],
"title": "CVE-2008-1483"
},
{
"cve": "CVE-2016-10012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10012"
}
],
"notes": [
{
"category": "general",
"text": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10012",
"url": "https://www.suse.com/security/cve/CVE-2016-10012"
},
{
"category": "external",
"summary": "SUSE Bug 1006166 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1006166"
},
{
"category": "external",
"summary": "SUSE Bug 1016336 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016336"
},
{
"category": "external",
"summary": "SUSE Bug 1016369 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016369"
},
{
"category": "external",
"summary": "SUSE Bug 1016370 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016370"
},
{
"category": "external",
"summary": "SUSE Bug 1017870 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1017870"
},
{
"category": "external",
"summary": "SUSE Bug 1026634 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1026634"
},
{
"category": "external",
"summary": "SUSE Bug 1035742 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1035742"
},
{
"category": "external",
"summary": "SUSE Bug 1073044 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1073044"
},
{
"category": "external",
"summary": "SUSE Bug 1092582 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1092582"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1138392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-14T14:06:53Z",
"details": "low"
}
],
"title": "CVE-2016-10012"
},
{
"cve": "CVE-2016-10708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10708"
}
],
"notes": [
{
"category": "general",
"text": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10708",
"url": "https://www.suse.com/security/cve/CVE-2016-10708"
},
{
"category": "external",
"summary": "SUSE Bug 1076957 for CVE-2016-10708",
"url": "https://bugzilla.suse.com/1076957"
},
{
"category": "external",
"summary": "SUSE Bug 1106726 for CVE-2016-10708",
"url": "https://bugzilla.suse.com/1106726"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2016-10708",
"url": "https://bugzilla.suse.com/1138392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-14T14:06:53Z",
"details": "moderate"
}
],
"title": "CVE-2016-10708"
},
{
"cve": "CVE-2017-15906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15906"
}
],
"notes": [
{
"category": "general",
"text": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15906",
"url": "https://www.suse.com/security/cve/CVE-2017-15906"
},
{
"category": "external",
"summary": "SUSE Bug 1064285 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1064285"
},
{
"category": "external",
"summary": "SUSE Bug 1065000 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1065000"
},
{
"category": "external",
"summary": "SUSE Bug 1074115 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1074115"
},
{
"category": "external",
"summary": "SUSE Bug 1079488 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1079488"
},
{
"category": "external",
"summary": "SUSE Bug 1090163 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1090163"
},
{
"category": "external",
"summary": "SUSE Bug 1099316 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1099316"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1138392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-6.6p1-19.3.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:openssh-openssl1-helpers-6.6p1-19.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-14T14:06:53Z",
"details": "moderate"
}
],
"title": "CVE-2017-15906"
}
]
}
SUSE-SU-2018:3540-1
Vulnerability from csaf_suse - Published: 2018-10-29 05:47 - Updated: 2018-10-29 05:47Summary
Security update for openssh
Severity
Important
Notes
Title of the patch: Security update for openssh
Description of the patch: This update for openssh fixes the following issues:
Security issues fixed:
- CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163)
- CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726)
- CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957)
- CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)
- CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370)
Bugs fixed:
- Fixed failing 'AuthorizedKeysCommand' within a 'Match User' block in sshd_config (bsc#1105180)
Patchnames: sleposp3-openssh-13848,slessp3-openssh-13848
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssh fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or \u0027oracle\u0027) as a vulnerability. (bsc#1106163)\n- CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726)\n- CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957)\n- CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)\n- CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370)\n\nBugs fixed:\n\n- Fixed failing \u0027AuthorizedKeysCommand\u0027 within a \u0027Match User\u0027 block in sshd_config (bsc#1105180)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-openssh-13848,slessp3-openssh-13848",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3540-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3540-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183540-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3540-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004804.html"
},
{
"category": "self",
"summary": "SUSE Bug 1016370",
"url": "https://bugzilla.suse.com/1016370"
},
{
"category": "self",
"summary": "SUSE Bug 1065000",
"url": "https://bugzilla.suse.com/1065000"
},
{
"category": "self",
"summary": "SUSE Bug 1076957",
"url": "https://bugzilla.suse.com/1076957"
},
{
"category": "self",
"summary": "SUSE Bug 1105010",
"url": "https://bugzilla.suse.com/1105010"
},
{
"category": "self",
"summary": "SUSE Bug 1105180",
"url": "https://bugzilla.suse.com/1105180"
},
{
"category": "self",
"summary": "SUSE Bug 1106163",
"url": "https://bugzilla.suse.com/1106163"
},
{
"category": "self",
"summary": "SUSE Bug 1106726",
"url": "https://bugzilla.suse.com/1106726"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10012 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10708 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15906 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15473 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15473/"
}
],
"title": "Security update for openssh",
"tracking": {
"current_release_date": "2018-10-29T05:47:11Z",
"generator": {
"date": "2018-10-29T05:47:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3540-1",
"initial_release_date": "2018-10-29T05:47:11Z",
"revision_history": [
{
"date": "2018-10-29T05:47:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssh-6.2p2-0.41.5.1.i586",
"product": {
"name": "openssh-6.2p2-0.41.5.1.i586",
"product_id": "openssh-6.2p2-0.41.5.1.i586"
}
},
{
"category": "product_version",
"name": "openssh-askpass-6.2p2-0.41.5.1.i586",
"product": {
"name": "openssh-askpass-6.2p2-0.41.5.1.i586",
"product_id": "openssh-askpass-6.2p2-0.41.5.1.i586"
}
},
{
"category": "product_version",
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"product": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"product_id": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-6.2p2-0.41.5.1.s390x",
"product": {
"name": "openssh-6.2p2-0.41.5.1.s390x",
"product_id": "openssh-6.2p2-0.41.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-askpass-6.2p2-0.41.5.1.s390x",
"product": {
"name": "openssh-askpass-6.2p2-0.41.5.1.s390x",
"product_id": "openssh-askpass-6.2p2-0.41.5.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"product": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"product_id": "openssh-askpass-gnome-6.2p2-0.41.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-6.2p2-0.41.5.1.x86_64",
"product": {
"name": "openssh-6.2p2-0.41.5.1.x86_64",
"product_id": "openssh-6.2p2-0.41.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-askpass-6.2p2-0.41.5.1.x86_64",
"product": {
"name": "openssh-askpass-6.2p2-0.41.5.1.x86_64",
"product_id": "openssh-askpass-6.2p2-0.41.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"product": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"product_id": "openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-askpass-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-6.2p2-0.41.5.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x"
},
"product_reference": "openssh-6.2p2-0.41.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-6.2p2-0.41.5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64"
},
"product_reference": "openssh-6.2p2-0.41.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-askpass-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-6.2p2-0.41.5.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x"
},
"product_reference": "openssh-askpass-6.2p2-0.41.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-6.2p2-0.41.5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64"
},
"product_reference": "openssh-askpass-6.2p2-0.41.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x"
},
"product_reference": "openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
},
"product_reference": "openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-6.2p2-0.41.5.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x"
},
"product_reference": "openssh-6.2p2-0.41.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-6.2p2-0.41.5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64"
},
"product_reference": "openssh-6.2p2-0.41.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-askpass-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-6.2p2-0.41.5.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x"
},
"product_reference": "openssh-askpass-6.2p2-0.41.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-6.2p2-0.41.5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64"
},
"product_reference": "openssh-askpass-6.2p2-0.41.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586"
},
"product_reference": "openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x"
},
"product_reference": "openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
},
"product_reference": "openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10012"
}
],
"notes": [
{
"category": "general",
"text": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10012",
"url": "https://www.suse.com/security/cve/CVE-2016-10012"
},
{
"category": "external",
"summary": "SUSE Bug 1006166 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1006166"
},
{
"category": "external",
"summary": "SUSE Bug 1016336 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016336"
},
{
"category": "external",
"summary": "SUSE Bug 1016369 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016369"
},
{
"category": "external",
"summary": "SUSE Bug 1016370 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016370"
},
{
"category": "external",
"summary": "SUSE Bug 1017870 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1017870"
},
{
"category": "external",
"summary": "SUSE Bug 1026634 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1026634"
},
{
"category": "external",
"summary": "SUSE Bug 1035742 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1035742"
},
{
"category": "external",
"summary": "SUSE Bug 1073044 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1073044"
},
{
"category": "external",
"summary": "SUSE Bug 1092582 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1092582"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1138392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-29T05:47:11Z",
"details": "low"
}
],
"title": "CVE-2016-10012"
},
{
"cve": "CVE-2016-10708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10708"
}
],
"notes": [
{
"category": "general",
"text": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10708",
"url": "https://www.suse.com/security/cve/CVE-2016-10708"
},
{
"category": "external",
"summary": "SUSE Bug 1076957 for CVE-2016-10708",
"url": "https://bugzilla.suse.com/1076957"
},
{
"category": "external",
"summary": "SUSE Bug 1106726 for CVE-2016-10708",
"url": "https://bugzilla.suse.com/1106726"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2016-10708",
"url": "https://bugzilla.suse.com/1138392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-29T05:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2016-10708"
},
{
"cve": "CVE-2017-15906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15906"
}
],
"notes": [
{
"category": "general",
"text": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15906",
"url": "https://www.suse.com/security/cve/CVE-2017-15906"
},
{
"category": "external",
"summary": "SUSE Bug 1064285 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1064285"
},
{
"category": "external",
"summary": "SUSE Bug 1065000 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1065000"
},
{
"category": "external",
"summary": "SUSE Bug 1074115 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1074115"
},
{
"category": "external",
"summary": "SUSE Bug 1079488 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1079488"
},
{
"category": "external",
"summary": "SUSE Bug 1090163 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1090163"
},
{
"category": "external",
"summary": "SUSE Bug 1099316 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1099316"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2017-15906",
"url": "https://bugzilla.suse.com/1138392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-29T05:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2017-15906"
},
{
"cve": "CVE-2018-15473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15473"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15473",
"url": "https://www.suse.com/security/cve/CVE-2018-15473"
},
{
"category": "external",
"summary": "SUSE Bug 1105010 for CVE-2018-15473",
"url": "https://bugzilla.suse.com/1105010"
},
{
"category": "external",
"summary": "SUSE Bug 1106163 for CVE-2018-15473",
"url": "https://bugzilla.suse.com/1106163"
},
{
"category": "external",
"summary": "SUSE Bug 1123133 for CVE-2018-15473",
"url": "https://bugzilla.suse.com/1123133"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2018-15473",
"url": "https://bugzilla.suse.com/1138392"
},
{
"category": "external",
"summary": "SUSE Bug 1205621 for CVE-2018-15473",
"url": "https://bugzilla.suse.com/1205621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-6.2p2-0.41.5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:openssh-askpass-gnome-6.2p2-0.41.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-29T05:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2018-15473"
}
]
}
WID-SEC-W-2023-1996
Vulnerability from csaf_certbund - Published: 2016-12-19 23:00 - Updated: 2024-05-07 22:00Summary
OpenSSH: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenSSH ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen, seine Privilegien zu erweitern oder einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
Es existiert eine Schwachstelle in OpenSSH in Verbindung mit dem ssh-agent(1). Diese Schwachstelle beruht darauf, dass über den ssh-agent PKCS#11 Module von nicht vertrauenswürdigen Pfaden geladen werden können. Ein Angreifer kann diese Schwachstelle ausnutzen, um über einen weitergeleiteten Agent Channel maliziöse PKCS#11 Module zu laden. Da es sich bei PKCS#11 Module um geteilte Bibliotheken (Shared Libraries) handelt, ist in der Folge Codeausführung auf dem System, das den ssh-agent ausführt, möglich.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM AIX
IBM
|
cpe:/o:ibm:aix:-
|
— | |
|
IBM VIOS
IBM
|
cpe:/a:ibm:vios:-
|
— |
Es existiert eine Schwachstelle in OpenSSH im Zusammenhang mit sshd(8). Wenn "Privilege Separation" deaktiviert ist, dann können über sshd(8) "forwarded Unix-Domain Sockets" mit root-Berechtigungen erzeugt werden, anstatt mit den Berechtigungen des authentisierten Benutzers. Somit ist ein Angreifer in der Lage seine Privilegien zu erhöhen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Diese Schwachstelle beruht auf einer fehlerhaften Berechtigungstrennung bei Child-Prozessen über "reallloc()", wenn SSH Schlüssel gelesen werden. In der Folge kann ein Angreifer diese Schwachstelle ausnutzen, um Teile des Host Private Key offenzulegen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Die Schwachstelle basiert auf einer fehlerhaften Kontrolle der Puffergrenzen des "Shared Memory Managers". Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erhöhen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Vulnerability 5
Es existiert eine Denial of Service Schwachstelle in OpenSSH im Zusammenhang mit sshd(8). Diese Schwachstelle besteht aufgrund fehlerhafter Verarbeitung von KEXINIT Nachrichten. In der Folge kann ein entfernter anonymer Angreifer diese Schwachstelle durch Senden von mehreren KEXINIT Nachrichten ausnutzen, um einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Juniper JUNOS
Juniper
|
cpe:/o:juniper:junos:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM AIX
IBM
|
cpe:/o:ibm:aix:-
|
— | |
|
IBM VIOS
IBM
|
cpe:/a:ibm:vios:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— |
Vulnerability 6
Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Diese Schwachstelle beruht darauf, dass Adressbereichen für "AllowUser" und "DenyUsers" Direktiven fehlerhaft validiert werden. In der Folge werden durch die Konfiguration ungültiger CIDR Adressbereiche (z.B. benutzer@127.1.1.2/55) Zugriffe erlaubt bzw. ermöglicht, welche nicht beabsichtigt wurden.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
References
27 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenSSH ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren, seine Privilegien zu erweitern oder einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1996 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-1996.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1996 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1996"
},
{
"category": "external",
"summary": "OpenSSH 7.4 Release vom 2016-12-19",
"url": "http://www.openssh.com/txt/release-7.4"
},
{
"category": "external",
"summary": "SecurityTracker Alert ID 1037490 vom 2016-12-19",
"url": "http://www.securitytracker.com/id/1037490"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory: FreeBSD-SA-17:01.openssh.asc",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0264-1 vom 2017-01-24",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170264-1.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K64292204 vom 2017-01-24",
"url": "https://support.f5.com/csp/article/K64292204"
},
{
"category": "external",
"summary": "F5 Security Advisory K31440025 vom 2017-01-24",
"url": "https://support.f5.com/csp/article/K31440025"
},
{
"category": "external",
"summary": "F5 Security Advisory K62201745 vom 2017-01-27",
"url": "https://support.f5.com/csp/article/K62201745"
},
{
"category": "external",
"summary": "IBM Security Advisory openssh_advisory10.asc",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc"
},
{
"category": "external",
"summary": "The FreeBSD Project Security Advisory: FreeBSD-SA-17:01.openssh",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0603-1 vom 2017-03-03",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170603-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0607-1 vom 2017-03-06",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170607-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0606-1 vom 2017-03-06",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170606-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1661-1 vom 2017-06-24",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171661-1.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory: RHSA-2017:2029",
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3538-1 vom 2018-01-22",
"url": "http://www.ubuntu.com/usn/usn-3538-1/"
},
{
"category": "external",
"summary": "McAfee Security Bulletin: SB10239",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10239"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2275-1 vom 2018-08-10",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182275-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2685-1 vom 2018-09-11",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182685-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:2719-1 vom 2018-09-15",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182719-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3540-1 vom 2018-10-29",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183540-1.html"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisory PAN-SA-2020-0005 vom 2020-05-13",
"url": "https://security.paloaltonetworks.com/PAN-SA-2020-0005"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11169 vom 2021-04-16",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11169"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2176 vom 2023-08-09",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2176.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1802 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1802.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
"url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
}
],
"source_lang": "en-US",
"title": "OpenSSH: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-07T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:56:43.803+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1996",
"initial_release_date": "2016-12-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2016-12-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2016-12-19T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-12-19T23:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-01-10T23:00:00.000+00:00",
"number": "4",
"summary": "New remediations available"
},
{
"date": "2017-01-23T23:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2017-01-23T23:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2017-01-23T23:00:00.000+00:00",
"number": "7",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-01-29T23:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2017-02-20T23:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2017-02-20T23:00:00.000+00:00",
"number": "10",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-02-20T23:00:00.000+00:00",
"number": "11",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-02-22T23:00:00.000+00:00",
"number": "12",
"summary": "New remediations available"
},
{
"date": "2017-03-05T23:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2017-03-06T23:00:00.000+00:00",
"number": "14",
"summary": "New remediations available"
},
{
"date": "2017-03-06T23:00:00.000+00:00",
"number": "15",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-06-26T22:00:00.000+00:00",
"number": "16",
"summary": "New remediations available"
},
{
"date": "2017-08-01T22:00:00.000+00:00",
"number": "17",
"summary": "New remediations available"
},
{
"date": "2017-08-07T22:00:00.000+00:00",
"number": "18",
"summary": "Added references"
},
{
"date": "2018-06-13T22:00:00.000+00:00",
"number": "19",
"summary": "New remediations available"
},
{
"date": "2018-08-09T22:00:00.000+00:00",
"number": "20",
"summary": "New remediations available"
},
{
"date": "2018-08-09T22:00:00.000+00:00",
"number": "21",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-09T22:00:00.000+00:00",
"number": "22",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-08-23T22:00:00.000+00:00",
"number": "23",
"summary": "Added references"
},
{
"date": "2018-09-11T22:00:00.000+00:00",
"number": "24",
"summary": "Produkte erg\u00e4nzt"
},
{
"date": "2018-09-11T22:00:00.000+00:00",
"number": "25",
"summary": "New remediations available"
},
{
"date": "2018-09-16T22:00:00.000+00:00",
"number": "26",
"summary": "New remediations available"
},
{
"date": "2018-10-29T23:00:00.000+00:00",
"number": "27",
"summary": "New remediations available"
},
{
"date": "2020-05-13T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Palo Alto Networks aufgenommen"
},
{
"date": "2021-04-15T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2023-08-08T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-08-23T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "32"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtual",
"product": {
"name": "Dell NetWorker virtual",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "FreeBSD Project FreeBSD OS",
"product": {
"name": "FreeBSD Project FreeBSD OS",
"product_id": "4035",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:-"
}
}
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM AIX",
"product": {
"name": "IBM AIX",
"product_id": "5094",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:-"
}
}
},
{
"category": "product_name",
"name": "IBM VIOS",
"product": {
"name": "IBM VIOS",
"product_id": "T004571",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4",
"product": {
"name": "Open Source OpenSSH \u003c7.4",
"product_id": "8223"
}
}
],
"category": "product_name",
"name": "OpenSSH"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "PaloAlto Networks PAN-OS",
"product": {
"name": "PaloAlto Networks PAN-OS",
"product_id": "T012790",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:-"
}
}
}
],
"category": "vendor",
"name": "PaloAlto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10009",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit dem ssh-agent(1). Diese Schwachstelle beruht darauf, dass \u00fcber den ssh-agent PKCS#11 Module von nicht vertrauensw\u00fcrdigen Pfaden geladen werden k\u00f6nnen. Ein Angreifer kann diese Schwachstelle ausnutzen, um \u00fcber einen weitergeleiteten Agent Channel malizi\u00f6se PKCS#11 Module zu laden. Da es sich bei PKCS#11 Module um geteilte Bibliotheken (Shared Libraries) handelt, ist in der Folge Codeausf\u00fchrung auf dem System, das den ssh-agent ausf\u00fchrt, m\u00f6glich."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"4035",
"T000126",
"T034583",
"398363",
"5094",
"T004571"
]
},
"release_date": "2016-12-19T23:00:00.000+00:00",
"title": "CVE-2016-10009"
},
{
"cve": "CVE-2016-10010",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSH im Zusammenhang mit sshd(8). Wenn \"Privilege Separation\" deaktiviert ist, dann k\u00f6nnen \u00fcber sshd(8) \"forwarded Unix-Domain Sockets\" mit root-Berechtigungen erzeugt werden, anstatt mit den Berechtigungen des authentisierten Benutzers. Somit ist ein Angreifer in der Lage seine Privilegien zu erh\u00f6hen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"4035",
"T000126",
"T034583",
"398363"
]
},
"release_date": "2016-12-19T23:00:00.000+00:00",
"title": "CVE-2016-10010"
},
{
"cve": "CVE-2016-10011",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Diese Schwachstelle beruht auf einer fehlerhaften Berechtigungstrennung bei Child-Prozessen \u00fcber \"reallloc()\", wenn SSH Schl\u00fcssel gelesen werden. In der Folge kann ein Angreifer diese Schwachstelle ausnutzen, um Teile des Host Private Key offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T034583",
"398363"
]
},
"release_date": "2016-12-19T23:00:00.000+00:00",
"title": "CVE-2016-10011"
},
{
"cve": "CVE-2016-10012",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Die Schwachstelle basiert auf einer fehlerhaften Kontrolle der Puffergrenzen des \"Shared Memory Managers\". Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erh\u00f6hen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T034583",
"398363"
]
},
"release_date": "2016-12-19T23:00:00.000+00:00",
"title": "CVE-2016-10012"
},
{
"notes": [
{
"category": "description",
"text": "Es existiert eine Denial of Service Schwachstelle in OpenSSH im Zusammenhang mit sshd(8). Diese Schwachstelle besteht aufgrund fehlerhafter Verarbeitung von KEXINIT Nachrichten. In der Folge kann ein entfernter anonymer Angreifer diese Schwachstelle durch Senden von mehreren KEXINIT Nachrichten ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"4035",
"T000126",
"7654",
"T034583",
"5930",
"398363",
"5094",
"T004571",
"T012790"
]
},
"release_date": "2016-12-20T23:00:00.000+00:00"
},
{
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Diese Schwachstelle beruht darauf, dass Adressbereichen f\u00fcr \"AllowUser\" und \"DenyUsers\" Direktiven fehlerhaft validiert werden. In der Folge werden durch die Konfiguration ung\u00fcltiger CIDR Adressbereiche (z.B. benutzer@127.1.1.2/55) Zugriffe erlaubt bzw. erm\u00f6glicht, welche nicht beabsichtigt wurden."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583",
"398363"
]
},
"release_date": "2016-12-20T23:00:00.000+00:00"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…