Security update for openssh

This update for openssh fixes the following issues:

- CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
- CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366)
- CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)

- Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)
- Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1006221
command to remove outdated hostkey from known_hosts file wrong
bnc#1005480
VUL-1: CVE-2016-8858: openssh: KEXINIT: Memory exhaustion issue found in OpenSSH (DoS)
bnc#1005893
VUL-1: openssh: Inconsistent CIDR netmask, stray comma, or blank in AllowUsers/DenyUsers host list improperly permits/denies login (VulnDB 148977)
bnc#1016366
VUL-0: CVE-2016-10009: openssh: limit pkcs11 module loading
bnc#1016369
VUL-0: CVE-2016-10011: openssh: theoretical leak of host private key material
Selected Binaries
openSUSE Build Service is sponsored by