参照: Official suse advisory, NVD, CVE.org · CVE 詳細
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-1908 severity low: SUSE including 36 source package names (openssh-5.1p1-41.74.1, openssh-6.2p2-0.33.2, …), 90 product×package rows across 27 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 12, … (27 product lines)): Fixed 90.
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.