SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:0264-1)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for openssh fixes several issues. These security issues
were fixed :

- CVE-2016-8858: The kex_input_kexinit function in kex.c
allowed remote attackers to cause a denial of service
(memory consumption) by sending many duplicate KEXINIT
requests (bsc#1005480).

- CVE-2016-10012: The shared memory manager (associated
with pre-authentication compression) did not ensure that
a bounds check is enforced by all compilers, which might
have allowed local users to gain privileges by leveraging
access to a sandboxed privilege-separation process,
related to the m_zback and m_zlib data structures.

- CVE-2016-10009: Untrusted search path vulnerability in
ssh-agent.c allowed remote attackers to execute
arbitrary local PKCS#11 modules by leveraging control
over a forwarded agent-socket (bsc#1016366).

- CVE-2016-10010: When forwarding unix domain sockets with
privilege separation disabled, the resulting sockets
would be created as 'root' instead of the authenticated
user. Forwarding unix domain sockets without privilege
separation enabled is now rejected.

- CVE-2016-10011: authfile.c in sshd did not properly
consider the effects of realloc on buffer contents,
which might have allowed local users to obtain sensitive
private-key information by leveraging access to a
privilege-separated child process (bsc#1016369).

These non-security issues were fixed :

- Adjusted suggested command for removing conflicting
server keys from the known_hosts file (bsc#1006221)

- Properly verify CIDR masks in configuration

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-138=1

SUSE Linux Enterprise Server 12-SP2: zypper in -t patch

SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 5.8
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 96718

CVE ID: CVE-2016-10009
