{"affected":[{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-13.1","openssh-askpass-gnome":"6.6p1-13.3","openssh-helpers":"6.6p1-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 11 SP4","name":"openssh","purl":"pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-13.1","openssh-askpass-gnome":"6.6p1-13.3","openssh-helpers":"6.6p1-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 11 SP4","name":"openssh-askpass-gnome","purl":"pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-13.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-13.1","openssh-askpass-gnome":"6.6p1-13.3","openssh-fips":"6.6p1-13.1","openssh-helpers":"6.6p1-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"openssh","purl":"pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-13.1","openssh-askpass-gnome":"6.6p1-13.3","openssh-fips":"6.6p1-13.1","openssh-helpers":"6.6p1-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"openssh-askpass-gnome","purl":"pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-13.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-13.1","openssh-askpass-gnome":"6.6p1-13.3","openssh-fips":"6.6p1-13.1","openssh-helpers":"6.6p1-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 
SP4","name":"openssh","purl":"pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-13.1","openssh-askpass-gnome":"6.6p1-13.3","openssh-fips":"6.6p1-13.1","openssh-helpers":"6.6p1-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"openssh-askpass-gnome","purl":"pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-13.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"OpenSSH was updated to fix several security issues and bugs.\n\nPlease note that due to a bug in the previously shipped openssh version, sshd might\nnot correctly restart. Please verify that the ssh daemon is running after installing\nthis update.\n\nThese security issues were fixed:\n\n* CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode\n  is not used, lacked a check of the refusal deadline for X connections,\n  which made it easier for remote attackers to bypass intended access\n  restrictions via a connection outside of the permitted time window.\n  (bsc#936695)\n\n* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c\n  in sshd did not properly restrict the processing of keyboard-interactive\n  devices within a single connection, which made it easier for remote\n  attackers to conduct brute-force attacks or cause a denial of service\n  (CPU consumption) via a long and duplicative list in the ssh\n  -oKbdInteractiveDevices option, as demonstrated by a modified client\n  that provides a different password for each pam element on this list.\n  (bsc#938746)\n\n* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM.\n  (bsc#932483)\n\n* Hardening patch to fix sftp RCE. 
(bsc#903649)\n\n* CVE-2015-6563: The monitor component in sshd accepted extraneous username\n  data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to\n  conduct impersonation attacks by leveraging any SSH login access in\n  conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM\n  request, related to monitor.c and monitor_wrap.c.\n\n* CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx\n  function in monitor.c in sshd might have allowed local users to gain\n  privileges by leveraging control of the sshd uid to send an unexpectedly\n  early MONITOR_REQ_PAM_FREE_CTX request.\n\nAdditionally, a bug was fixed that could lead to openssh not working in \nchroot (bsc#947458).\n","id":"SUSE-SU-2015:1695-1","modified":"2015-10-05T16:22:28Z","published":"2015-10-05T16:22:28Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151695-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/903649"},{"type":"REPORT","url":"https://bugzilla.suse.com/932483"},{"type":"REPORT","url":"https://bugzilla.suse.com/936695"},{"type":"REPORT","url":"https://bugzilla.suse.com/938746"},{"type":"REPORT","url":"https://bugzilla.suse.com/939932"},{"type":"REPORT","url":"https://bugzilla.suse.com/943006"},{"type":"REPORT","url":"https://bugzilla.suse.com/943010"},{"type":"REPORT","url":"https://bugzilla.suse.com/945484"},{"type":"REPORT","url":"https://bugzilla.suse.com/945493"},{"type":"REPORT","url":"https://bugzilla.suse.com/947458"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4000"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5352"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5600"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6563"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6564"}],"related":["CVE-2015-4000","CVE-2015-5352","CVE-2015-5600","CVE-2015-6563","CVE-2015-6564"],"summary":"
Security update for openssh","upstream":["CVE-2015-4000","CVE-2015-5352","CVE-2015-5600","CVE-2015-6563","CVE-2015-6564"]}