SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:0264-1)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for openssh fixes several issues. These security issues
were fixed :

- CVE-2016-8858: The kex_input_kexinit function in kex.c
allowed remote attackers to cause a denial of service
(memory consumption) by sending many duplicate KEXINIT
requests (bsc#1005480).

- CVE-2016-10012: The shared memory manager (associated
with pre-authentication compression) did not ensure that
a bounds check is enforced by all compilers, which might
have allowed local users to gain privileges by leveraging
access to a sandboxed privilege-separation process,
related to the m_zback and m_zlib data structures
(bsc#1016370).

- CVE-2016-10009: Untrusted search path vulnerability in
ssh-agent.c allowed remote attackers to execute
arbitrary local PKCS#11 modules by leveraging control
over a forwarded agent-socket (bsc#1016366).

- CVE-2016-10010: When forwarding unix domain sockets with
privilege separation disabled, the resulting sockets
would be created as 'root' instead of the authenticated
user. Forwarding unix domain sockets without privilege
separation enabled is now rejected.

- CVE-2016-10011: authfile.c in sshd did not properly
consider the effects of realloc on buffer contents,
which might have allowed local users to obtain sensitive
private-key information by leveraging access to a
privilege-separated child process (bsc#1016369).

These non-security issues were fixed :

- Adjusted suggested command for removing conflicting
server keys from the known_hosts file (bsc#1006221)

- Properly verify CIDR masks in configuration
(bsc#1005893)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1005480
https://bugzilla.suse.com/1005893
https://bugzilla.suse.com/1006221
https://bugzilla.suse.com/1016366
https://bugzilla.suse.com/1016368
https://bugzilla.suse.com/1016369
https://bugzilla.suse.com/1016370
https://www.suse.com/security/cve/CVE-2016-10009.html
https://www.suse.com/security/cve/CVE-2016-10010.html
https://www.suse.com/security/cve/CVE-2016-10011.html
https://www.suse.com/security/cve/CVE-2016-10012.html
https://www.suse.com/security/cve/CVE-2016-8858.html
http://www.nessus.org/u?855f094a

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-138=1

SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-138=1

SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-138=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 96718

Bugtraq ID:

CVE ID: CVE-2016-10009
CVE-2016-10010
CVE-2016-10011
CVE-2016-10012
CVE-2016-8858
