SUSE: 2019:0496-1 Moderate: openssh File Transfer Issues Fix
suse
February 26, 2019
An update that solves two vulnerabilities and has one errata is now available
Summary
This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821) Other bug fixes and changes: - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested (bsc#1125687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Topics Covered
References
#1121816 #1121821 #1125687
Cross- CVE-2019-6109 CVE-2019-6111
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Basesystem 15
https://www.suse.com/security/cve/CVE-2019-6109.html
https://www.suse.com/security/cve/CVE-2019-6111.html
https://bugzilla.suse.com/1121816
https://bugzilla.suse.com/1121821
https://bugzilla.suse.com/1125687
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:0496-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!