Bugzilla – Bug 943006
VUL-0: CVE-2015-6564: openssh: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.cin sshd in OpenSSH ...
Last modified: 2019-05-01 16:50:27 UTC
CVE-2015-6564 Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6564 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564 http://www.cvedetails.com/cve/CVE-2015-6564/ https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
bugbot adjusting priority
seems also to apply to 5.1p1 and 6.1p1 we have in 11-sp1, 11-sp3 and 12-ga. please apply.
QA: no reproducer
SUSE-SU-2015:1544-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 903649,932483,936695,938746,943006,943010 CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564 Sources used: SUSE Linux Enterprise Server 12 (src): openssh-6.6p1-29.1, openssh-askpass-gnome-6.6p1-29.1 SUSE Linux Enterprise Desktop 12 (src): openssh-6.6p1-29.1, openssh-askpass-gnome-6.6p1-29.1
SUSE-SU-2015:1547-1: An update that solves 5 vulnerabilities and has 5 fixes is now available. Category: security (moderate) Bug References: 673532,903649,905118,914309,916549,932483,936695,938746,943006,943010 CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564 Sources used: SUSE Linux Enterprise Server for VMWare 11-SP3 (src): openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3 SUSE Linux Enterprise Server 11-SP3 (src): openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3
SUSE-SU-2015:1547-2: An update that solves 5 vulnerabilities and has 5 fixes is now available. Category: security (moderate) Bug References: 673532,903649,905118,914309,916549,932483,936695,938746,943006,943010 CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564 Sources used: SUSE Linux Enterprise Desktop 11-SP3 (src): openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3 SUSE Linux Enterprise Debuginfo 11-SP3 (src): openssh-6.2p2-0.17.1, openssh-askpass-gnome-6.2p2-0.17.3
SUSE-SU-2015:1581-1: An update that solves 5 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 673532,903649,905118,914309,916549,932483,936695,938746,943006,943010,945493 CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564 Sources used: SUSE Linux Enterprise Server for VMWare 11-SP3 (src): openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3 SUSE Linux Enterprise Server 11-SP3 (src): openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3 SUSE Linux Enterprise Desktop 11-SP3 (src): openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3 SUSE Linux Enterprise Debuginfo 11-SP3 (src): openssh-6.2p2-0.21.1, openssh-askpass-gnome-6.2p2-0.21.3
SUSE-SU-2015:1695-1: An update that solves 5 vulnerabilities and has 5 fixes is now available. Category: security (moderate) Bug References: 903649,932483,936695,938746,939932,943006,943010,945484,945493,947458 CVE References: CVE-2015-4000,CVE-2015-5352,CVE-2015-5600,CVE-2015-6563,CVE-2015-6564 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): openssh-6.6p1-13.1, openssh-askpass-gnome-6.6p1-13.3 SUSE Linux Enterprise Desktop 11-SP4 (src): openssh-6.6p1-13.1, openssh-askpass-gnome-6.6p1-13.3 SUSE Linux Enterprise Debuginfo 11-SP4 (src): openssh-6.6p1-13.1, openssh-askpass-gnome-6.6p1-13.3
also tracked as OSVDB 126033
*** Bug 959715 has been marked as a duplicate of this bug. ***
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2017-01-18. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63340
Regarding: CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 We are using the security modules now and what to know If these 3 CVEs effected openssh-openss1? If yes, Does openssh-openssl1 addressed these 3 CVEs and in which version it is addressed? I can't get any information about openssh-openssl on these CVEs's pages. (like https://www.suse.com/security/cve/CVE-2015-6563/)
These 3 CVES are fixed in openssh-openssl1, and were in its first introduction.