Security update for openssh
This update for openssh fixes the following issues:
- Prevent user enumeration through the timing of password
processing (bsc#989363, CVE-2016-6210)
- Allow lowering the DH groups parameter limit in server as well
as when GSSAPI key exchange is used (bsc#948902)
- limit accepted password length (prevents possible DoS)
(bsc#992533, CVE-2016-6515)
Bug fixes:
- avoid complaining about unset DISPLAY variable (bsc#981654)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Petr Cerny (pcerny)
Fixed bugs
bnc#989363
VUL-0: CVE-2016-6210: openssh: User enumeration via covert timing channel
bnc#948902
sftp failures after installation of openssh 6.2p2-0.21.1
bnc#992533
VUL-0: CVE-2016-6515: openssh: auth_password function in auth-passwd.c in OpenSSH before 7.3 does not limit password length
bnc#981654
openssh error mesage about undefined display in SLE 12
