openSUSE Security Update: Security update for openssh
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:2298-1
Rating: moderate
References: #1115550 #1139398 #1142000 #1148566 #1173513
#1174162
Cross-References: CVE-2020-14145
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
now available.
Description:
This update for openssh fixes the following issues:
– CVE-2020-14145: Fixed a potential information leak during host key
exchange (bsc#1173513).
– Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a
textmode install (bsc#1142000)
– Fixed an issue where oracle cluster with cluvfy using “scp”
failing/missinterpreted (bsc#1148566).
– Fixed sshd termination of multichannel sessions with non-root users
(bsc#1115550,bsc#1174162).
– Added speculative hardening for key storage (bsc#1139398).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-2298=1
Package List:
– openSUSE Leap 15.1 (i586 x86_64):
openssh-7.9p1-lp151.4.18.1
openssh-cavs-7.9p1-lp151.4.18.1
openssh-cavs-debuginfo-7.9p1-lp151.4.18.1
openssh-debuginfo-7.9p1-lp151.4.18.1
openssh-debugsource-7.9p1-lp151.4.18.1
openssh-fips-7.9p1-lp151.4.18.1
openssh-helpers-7.9p1-lp151.4.18.1
openssh-helpers-debuginfo-7.9p1-lp151.4.18.1
– openSUSE Leap 15.1 (x86_64):
openssh-askpass-gnome-7.9p1-lp151.4.18.1
openssh-askpass-gnome-debuginfo-7.9p1-lp151.4.18.1
openssh-askpass-gnome-debugsource-7.9p1-lp151.4.18.1
References:
https://www.suse.com/security/cve/CVE-2020-14145.html
https://bugzilla.suse.com/1115550
https://bugzilla.suse.com/1139398
https://bugzilla.suse.com/1142000
https://bugzilla.suse.com/1148566
https://bugzilla.suse.com/1173513
https://bugzilla.suse.com/1174162
_______________________________________________
openSUSE Security Announce mailing list — security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org