Security update for openssh

SUSE Security Update: Security update for openssh

---

Announcement ID:	SUSE-SU-2017:0606-1
Rating:	moderate
References:	#1005480 #1005893 #1016366 #1016369
Affected Products:	SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3

---

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for openssh fixes the following issues:

Security issues fixed:
- CVE-2016-8858: prevent resource depletion during key exchange
(bsc#1005480)
- CVE-2016-10009: limit directories for loading PKCS11 modules to avoid
privilege escalation (bsc#1016366)
- CVE-2016-10011: Prevent possible leaks of host private keys to
low-privilege process handling authentication (bsc#1016369)

Non security issues fixed:
- Properly verify CIDR masks in the AllowUsers and DenyUsers configuration
lists (bsc#1005893)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 5:
  zypper in -t patch sleclo50sp3-openssh-13005=1
• SUSE Manager Proxy 2.1:
  zypper in -t patch slemap21-openssh-13005=1
• SUSE Manager 2.1:
  zypper in -t patch sleman21-openssh-13005=1
• SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-openssh-13005=1
• SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-openssh-13005=1
• SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-openssh-13005=1

To bring your system up-to-date, use "zypper patch".

Package List:

• SUSE OpenStack Cloud 5 (x86_64):
  • openssh-6.2p2-0.40.1
  • openssh-askpass-6.2p2-0.40.1
  • openssh-askpass-gnome-6.2p2-0.40.3
• SUSE Manager Proxy 2.1 (x86_64):
  • openssh-6.2p2-0.40.1
  • openssh-askpass-6.2p2-0.40.1
  • openssh-askpass-gnome-6.2p2-0.40.3
• SUSE Manager 2.1 (s390x x86_64):
  • openssh-6.2p2-0.40.1
  • openssh-askpass-6.2p2-0.40.1
  • openssh-askpass-gnome-6.2p2-0.40.3
• SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
  • openssh-6.2p2-0.40.1
  • openssh-askpass-6.2p2-0.40.1
  • openssh-askpass-gnome-6.2p2-0.40.3
• SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  • openssh-6.2p2-0.40.1
  • openssh-askpass-6.2p2-0.40.1
  • openssh-askpass-gnome-6.2p2-0.40.3
• SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  • openssh-askpass-gnome-debuginfo-6.2p2-0.40.3
  • openssh-debuginfo-6.2p2-0.40.1
  • openssh-debugsource-6.2p2-0.40.1

References:

• https://www.suse.com/security/cve/CVE-2016-10009.html
• https://www.suse.com/security/cve/CVE-2016-10011.html
• https://www.suse.com/security/cve/CVE-2016-8858.html
• https://bugzilla.suse.com/1005480
• https://bugzilla.suse.com/1005893
• https://bugzilla.suse.com/1016366
• https://bugzilla.suse.com/1016369