Security update for openssh
SUSE Security Update: Security update for openssh
Announcement ID: | SUSE-SU-2016:2281-1 |
Rating: | moderate |
References: | #948902 #981654 #989363 #992533 |
Affected Products: |
An update that solves two vulnerabilities and has two fixes is now available.
Description:
This update for openssh fixes the following issues:
- CVE-2016-6210: Prevent user enumeration through the timing of password
processing (bsc#989363) [-prevent_timing_user_enumeration]
- Allow lowering the DH groups parameter limit in server as well as when
GSSAPI key exchange is used (bsc#948902)
- CVE-2016-6515: Limiting the accepted password length to prevent possible
DoS (bsc#992533)
Bug fixes:
- avoid complaining about unset DISPLAY variable (bsc#981654)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-openssh-12736=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-openssh-12736=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- openssh-6.6p1-28.1
- openssh-askpass-gnome-6.6p1-28.2
- openssh-fips-6.6p1-28.1
- openssh-helpers-6.6p1-28.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- openssh-askpass-gnome-debuginfo-6.6p1-28.2
- openssh-debuginfo-6.6p1-28.1
- openssh-debugsource-6.6p1-28.1