Security update for openssh
This update for openssh fixes the following issues:
Security issue fixed:
- CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000).
Bug fixes:
- FIPS: Startup selfchecks (bsc#1068310).
- FIPS: Silent complaints about unsupported key exchange methods (bsc#1006166).
- Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509).
- Test configuration before running daemon to prevent looping resulting in service shutdown (bsc#1048367)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Petr Cerny (pcerny)
Fixed bugs
bnc#1068310
[FIPS] openssh: integrity check not performed
bnc#1069509
OpenSSH - accidental re-introduction of CVE-2008-1483
bnc#1048367
sshd.service fails to signal startup failure
bnc#1006166
[Build2180] FIPS: openssh client is printing error message about unsupported KEX curve25519
bnc#1065000
VUL-1: CVE-2017-15906: openssh: r/o sftp-server zero byte file creation
