- Home
- CVEs with nessus.description==openssh was updated to fix four security issues.
These security issues were fixed :
- CVE-2015-5352: The x11_open_helper function in
channels.c in ssh in OpenSSH when ForwardX11Trusted mode
is not used, lacked a check of the refusal deadline for
X connections, which made it easier for remote attackers
to bypass intended access restrictions via a connection
outside of the permitted time window (bsc#936695).
- CVE-2015-5600: The kbdint_next_device function in
auth2-chall.c in sshd in OpenSSH did not properly
restrict the processing of keyboard-interactive devices
within a single connection, which made it easier for
remote attackers to conduct brute-force attacks or cause
a denial of service (CPU consumption) via a long and
duplicative list in the ssh -oKbdInteractiveDevices
option, as demonstrated by a modified client that
provides a different password for each pam element on
this list (bsc#938746).
- CVE-2015-4000: Removed and disabled weak DH groups
(bsc#932483).
- Hardening patch to fix sftp RCE (bsc#903649).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top