Security update for openssh
This update for openssh fixes the following issues:
- CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513).
- Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a textmode install (bsc#1142000)
- Fixed an issue where oracle cluster with cluvfy using "scp" failing/missinterpreted (bsc#1148566).
- Fixed sshd termination of multichannel sessions with non-root users (bsc#1115550,bsc#1174162).
- Added speculative hardening for key storage (bsc#1139398).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
-
Submitted by
Hans Petter Jansson (hpjansson)
Fixed bugs
bnc#1174162
kernel: sshd : segfault at 30000000b error 4 in libc-2.26.so - ref:_00D1igLOd._5001iPxqr9:ref
bnc#1139398
VUL-1: openssh: speculative hardening for key storage
bnc#1148566
L3-Question: oracle cluster issue with cluvfy using "scp" failing/missinterpreted after upgrading ref:_00D1igLOd._5001iKKNzK:ref
bnc#1173513
VUL-0: CVE-2020-14145: openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempt
bnc#1115550
SSHD termination of multichannel sessions with non-root users (error on 'mm_request_receive_expect')
bnc#1142000
openssh-askpass-gnome bloats server installation
