openSUSE Security Update: Security update for openssh
Announcement ID: openSUSE-SU-2018:3946-1
References: #1091396 #1105010 #964336
openSUSE Leap 42.3
An update that solves one vulnerability and has two fixes
is now available.
This update for openssh fixes the following issues:
Following security issues have been fixed:
– CVE-2018-15473: OpenSSH was prone to a user existance oracle
vulnerability due to not delaying bailout for an invalid authenticating
user until after the packet containing the request has been fully
parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
The following non-security issues were fixed:
– Stop leaking File descriptors (bsc#964336)
– sftp-client.c returns wrong error code upon failure [bsc#1091396]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1477=1
– openSUSE Leap 42.3 (i586 x86_64):
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org