openSUSE Security Update : dropbear (openSUSE-SU-2013:1696-1)
Medium Nessus Plugin ID 75194
Synopsis
The remote openSUSE host is missing a security update.
Description
dropbear was updated to version 2013.60 to fix the following bugs:
- Fix 'make install' so that it doesn't always install to /bin and /sbin
- Fix 'make install MULTI=1', installing manpages failed
- Fix 'make install' when scp is included since it has no manpage
- Make --disable-bundled-libtom work
- used as bug fix release for bnc#845306 - VUL-0: CVE-2013-4421 and CVE-2013-4434
- provided links for download sources
- employed gpg-offline - verify sources
- imported upstream version 2013.59
- Fix crash from -J command. Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches.
- Avoid reading too much from /proc/net/rt_cache since that causes system slowness.
- Improve EOF handling for half-closed connections. Thanks to Catalin Patulea.
- Send a banner message to report PAM error messages intended for the user. Patch from Martin Donnelly.
- Limit the size of decompressed payloads, avoids memory exhaustion denial of service. Thanks to Logan Lamb for reporting and investigating it.
- Avoid disclosing existence of valid users through inconsistent delays. Thanks to Logan Lamb for reporting.
- Update config.guess and config.sub for newer architectures
- Avoid segfault in server for locked accounts
- 'make install' now installs manpages; dropbearkey.8 has been renamed to dropbearkey.1; manpage added for dropbearconvert
- Get rid of one second delay when running non-interactive commands
Solution
Update the affected dropbear packages.