Mageia 2019-0156: openssh security update

    Date: 12 May 2019
    Category: Mageia
    Posted By: LinuxSecurity Advisories
    MGASA-2019-0156 - Updated openssh packages fix security vulnerabilities
    
    Publication date: 12 May 2019
    URL: https://advisories.mageia.org/MGASA-2019-0156.html
    Type: security
    Affected Mageia releases: 6
    CVE: CVE-2019-6109,
         CVE-2019-6111
    
    Updated openssh packages fix security vulnerabilities:
    
    Due to missing character encoding in the progress display, the object
    name can be used to manipulate the client output, for example to employ
    ANSI codes to hide additional files being transferred (CVE-2019-6109).
    
    Due to insufficient validation by the scp client of path names sent by
    the server, a malicious server can perform arbitrary file overwrites in
    the target directory. If the recursive (-r) option is provided, the
    server can also manipulate subdirectories (CVE-2019-6111).
    
    The check added in this version can lead to a regression if the client
    and the server have different wildcard expansion rules. If the server is
    trusted for that purpose, the check can be disabled with the new -T
    option to the scp client.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=24308
    - https://www.debian.org/security/2019/dsa-4387
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
    
    SRPMS:
    - 6/core/openssh-7.5p1-2.4.mga6
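
An added example, not OpenSSH or Mageia code, of the two client-side defences the advisory describes: encoding control bytes before a server-sent name reaches the progress display, and rejecting names that do not match what the user requested. It assumes the check is a glob match done with fnmatch(3); name_allowed and display_name are hypothetical names, and the last call in main shows the regression case, where the remote shell expands braces but the client-side match does not.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Accept a server-sent name only if it is a single path component that
 * matches the pattern the user asked for. Returns 1 to accept, 0 to reject. */
int name_allowed(const char *requested, const char *sent)
{
    if (sent[0] == '\0' || strchr(sent, '/') != NULL)
        return 0;
    if (strcmp(sent, ".") == 0 || strcmp(sent, "..") == 0)
        return 0;
    return fnmatch(requested, sent, 0) == 0;
}

/* Copy name into out for terminal display, writing every byte outside
 * printable ASCII (and the backslash itself) as \xHH. Returns the length. */
size_t display_name(const char *name, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (*p >= 0x20 && *p < 0x7f && *p != '\\') {
            if (o + 1 >= outlen)
                break;
            out[o++] = (char)*p;
        } else {
            if (o + 4 >= outlen)
                break;
            o += (size_t)snprintf(out + o, outlen - o, "\\x%02x", *p);
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: names a server might send for a "*.txt" request. */
    const char *sent[] = { "notes.txt", ".bashrc", "../x.txt", "a\x1b[2K.txt" };
    char shown[256];
    for (size_t i = 0; i < sizeof sent / sizeof sent[0]; i++) {
        display_name(sent[i], shown, sizeof shown);
        printf("%-8s %s\n", name_allowed("*.txt", sent[i]) ? "accept" : "REJECT", shown);
    }
    /* Regression case: the remote shell expands braces, fnmatch(3) does not. */
    printf("brace pattern accepted: %d\n", name_allowed("file.{txt,log}", "file.txt"));
    return 0;
}
```

A rejected name in the brace case is a legitimate file the user asked for, which is the situation the -T option exists for when the server is trusted.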
    
