View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-15906 severity moderate: SUSE including 38 source package names (openssh, openssh-6.2p2-0.41.5.1, …), 153 product×package rows across 35 product lines (SUSE Enterprise Storage 7.1, SUSE Liberty Linux 7, … (35 product lines)): Fixed 82, Known Not Affected 71.
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.