992533 – (CVE-2016-6515) VUL-0: CVE-2016-6515: openssh: auth_password function in auth-passwd.c in OpenSSH before 7.3 does not limit password length

Bug 992533 (CVE-2016-6515) - VUL-0: CVE-2016-6515: openssh: auth_password function in auth-passwd.c in OpenSSH before 7.3 does not limit password length

Summary: VUL-0: CVE-2016-6515: openssh: auth_password function in auth-passwd.c in Ope...

Status:	RESOLVED FIXED

Alias:	CVE-2016-6515

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2017-01-18
Assignee:	Petr Cerny
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/171680/
Whiteboard:	CVSSv2:SUSE:CVE-2016-6515:5.0:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-08-08 07:18 UTC by Sebastian Krahmer
Modified:	2020-06-18 07:17 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2016-08-08 07:18:18 UTC

CVE-2016-6515



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6515
http://www.cvedetails.com/cve/CVE-2016-6515/

Comment 5 Swamp Workflow Management 2016-09-09 17:10:06 UTC

SUSE-SU-2016:2280-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 948902,981654,989363,992533
CVE References: CVE-2016-6210,CVE-2016-6515
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    openssh-6.6p1-52.1, openssh-askpass-gnome-6.6p1-52.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssh-6.6p1-52.1, openssh-askpass-gnome-6.6p1-52.1
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-52.1, openssh-askpass-gnome-6.6p1-52.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssh-6.6p1-52.1, openssh-askpass-gnome-6.6p1-52.1

Comment 6 Swamp Workflow Management 2016-09-09 17:10:53 UTC

SUSE-SU-2016:2281-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 948902,981654,989363,992533
CVE References: CVE-2016-6210,CVE-2016-6515
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-28.1, openssh-askpass-gnome-6.6p1-28.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-28.1, openssh-askpass-gnome-6.6p1-28.2

Comment 7 Swamp Workflow Management 2016-09-19 17:11:54 UTC

openSUSE-SU-2016:2339-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 948902,981654,989363,992533
CVE References: CVE-2016-6210,CVE-2016-6515
Sources used:
openSUSE Leap 42.1 (src):    openssh-6.6p1-14.1, openssh-askpass-gnome-6.6p1-14.1

Comment 8 Swamp Workflow Management 2016-09-26 19:11:21 UTC

SUSE-SU-2016:2388-1: An update that solves 5 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 932483,948902,959096,962313,962794,970632,975865,981654,989363,992533
CVE References: CVE-2015-8325,CVE-2016-1908,CVE-2016-3115,CVE-2016-6210,CVE-2016-6515
Sources used:
SUSE OpenStack Cloud 5 (src):    openssh-6.2p2-0.33.2, openssh-askpass-gnome-6.2p2-0.33.5
SUSE Manager Proxy 2.1 (src):    openssh-6.2p2-0.33.2, openssh-askpass-gnome-6.2p2-0.33.5
SUSE Manager 2.1 (src):    openssh-6.2p2-0.33.2, openssh-askpass-gnome-6.2p2-0.33.5
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssh-6.2p2-0.33.2, openssh-askpass-gnome-6.2p2-0.33.5
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssh-6.2p2-0.33.2, openssh-askpass-gnome-6.2p2-0.33.5
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.2p2-0.33.2, openssh-askpass-gnome-6.2p2-0.33.5

Comment 10 Bernhard Wiedemann 2016-10-07 16:01:48 UTC

This is an autogenerated message for OBS integration:
This bug (992533) was mentioned in
https://build.opensuse.org/request/show/433780 Factory / openssh

Comment 16 Swamp Workflow Management 2016-10-17 18:11:33 UTC

SUSE-SU-2016:2555-1: An update that solves 5 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 729190,932483,948902,960414,961368,961494,962313,965576,970632,975865,981654,989363,992533
CVE References: CVE-2015-8325,CVE-2016-1908,CVE-2016-3115,CVE-2016-6210,CVE-2016-6515
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssh-openssl1-6.6p1-15.1

Comment 22 Marcus Meissner 2017-06-26 06:35:50 UTC

released