File _patchinfo of Package patchinfo.5092
<patchinfo incident="5092">
<issue id="1023275" tracker="bnc">openssh, sftp: messages suppressed after upgrade from SLES 11 SP3 to SP4</issue>
<issue id="1017099" tracker="bnc">SSH Match conditions with uppercase hostnames fail</issue>
<issue id="1048367" tracker="bnc">sshd.service fails to signal startup failure</issue>
<issue id="1053972" tracker="bnc">sshd supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated</issue>
<issue id="1065000" tracker="bnc">VUL-1: CVE-2017-15906: openssh: r/o sftp-server zero byte file creation</issue>
<issue id="1016370" tracker="bnc">VUL-1: CVE-2016-10012: openssh: pre-auth compression checks could be optimized away</issue>
<issue id="1069509" tracker="bnc">OpenSSH - accidental re-introduction of CVE-2008-1483</issue>
<issue id="1076957" tracker="bnc">VUL-0: CVE-2016-10708: openssh: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex</issue>
<issue id="1092582" tracker="bnc">[Build 20180509-1] openQA test fails in sshd</issue>
<issue id="2016-10708" tracker="cve" />
<issue id="2017-15906" tracker="cve" />
<issue id="2016-10012" tracker="cve" />
<issue id="2008-1483" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>pcerny</packager>
<description>This update for openssh provides the following fixes:
Security issues fixed:
- CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000).
- CVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370).
- CVE-2008-1483: Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509).
- CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957).
Bug fixes:
- bsc#1017099: Enable case-insensitive hostname matching.
- bsc#1023275: Add a new switch for printing diagnostic messages in sftp client's batch mode.
- bsc#1048367: Improve systemd integration to work around various race conditions.
- bsc#1053972: Remove duplicate KEX method.
- bsc#1092582: Add missing piece of systemd integration.
- Remove the limit on the number of tasks sshd can run.
</description>
<summary>Security update for openssh</summary>
</patchinfo>