Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE Leap 15.0 openSUSE-SU-2019:0307-1 Moderate: OpenSSH Fixes

opensuse
Calendar Grey March 8, 2019
Dist Opensuse Esm H88
A Fedora patch for curl resolves serious vulnerabilities, improving safety and correcting errors, guaranteeing safer data handling.
An update that solves two vulnerabilities and has one errata is now available.

Description

This update for openssh fixes the following issues:

Security vulnerabilities addressed:

- CVE-2019-6109: Fixed an character encoding issue in the progress display

of the scp client that could be used to manipulate client output,

allowing for spoofing during file transfers (bsc#1121816)

- CVE-2019-6111: Properly validate object names received by the scp client

to prevent arbitrary file overwrites when interacting with a malicious

SSH server (bsc#1121821)

Other bug fixes and changes:

- Handle brace expansion in scp when checking that filenames sent by the

server side match what the client requested (bsc#1125687)

This update was imported from the SUSE:SLE-15:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-307=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

openssh-7.6p1-lp150.8.15.2

openssh-cavs-7.6p1-lp150.8.15.2

openssh-cavs-debuginfo-7.6p1-lp150.8.15.2

openssh-debuginfo-7.6p1-lp150.8.15.2

openssh-debugsource-7.6p1-lp150.8.15.2

openssh-fips-7.6p1-lp150.8.15.2

openssh-helpers-7.6p1-lp150.8.15.2

openssh-helpers-debuginfo-7.6p1-lp150.8.15.2

- openSUSE Leap 15.0 (x86_64):

openssh-askpass-gnome-7.6p1-lp150.8.15.1

openssh-askpass-gnome-debuginfo-7.6p1-lp150.8.15.1

References

https://www.suse.com/security/cve/CVE-2019-6109.html

https://www.suse.com/security/cve/CVE-2019-6111.html

https://bugzilla.suse.com/1121816

https://bugzilla.suse.com/1121821

https://bugzilla.suse.com/1125687

--

Announcement ID: openSUSE-SU-2019:0307-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here