Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

OpenSUSE: 2019:1602-1 Moderate: OpenSSH Security Issues Resolved

opensuse
Calendar Grey June 24, 2019
Dist Opensuse Esm H88
This patch tackles significant concerns in OpenSSH, rectifying major vulnerabilities and boosting overall system reliability.
An update that solves two vulnerabilities and has four fixes is now available.

Description

This update for openssh fixes the following issues:

Security vulnerabilities addressed:

- CVE-2019-6109: Fixed an character encoding issue in the progress display

of the scp client that could be used to manipulate client output,

allowing for spoofing during file transfers (bsc#1121816).

- CVE-2019-6111: Properly validate object names received by the scp client

to prevent arbitrary file overwrites when interacting with a malicious

SSH server (bsc#1121821).

Other issues fixed:

- Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183).

- Returned proper reason for port forwarding failures (bsc#1090671).

- Fixed a double free() in the KDF CAVS testing tool (bsc#1065237).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1602=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

openssh-7.2p2-35.1

openssh-askpass-gnome-7.2p2-35.1

openssh-askpass-gnome-debuginfo-7.2p2-35.1

openssh-cavs-7.2p2-35.1

openssh-cavs-debuginfo-7.2p2-35.1

openssh-debuginfo-7.2p2-35.1

openssh-debugsource-7.2p2-35.1

openssh-fips-7.2p2-35.1

openssh-helpers-7.2p2-35.1

openssh-helpers-debuginfo-7.2p2-35.1

References

https://www.suse.com/security/cve/CVE-2019-6109.html

https://www.suse.com/security/cve/CVE-2019-6111.html

https://bugzilla.suse.com/1065237

https://bugzilla.suse.com/1090671

https://bugzilla.suse.com/1119183

https://bugzilla.suse.com/1121816

https://bugzilla.suse.com/1121821

https://bugzilla.suse.com/1131709

--

Announcement ID: openSUSE-SU-2019:1602-1
Rating: moderate
Affected Products: openSUSE Leap 42.3 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.