Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

SUSE: 2019:0941-1 Moderate: Openssh Security Update for File Issues

suse
Calendar Grey April 12, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for openssh __________________________________________________
An update that solves two vulnerabilities and has three fixes is now available

Summary

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

References

#1090671 #1115550 #1119183 #1121816 #1121821

Cross- CVE-2019-6109 CVE-2019-6111

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2019-6109.html

https://www.suse.com/security/cve/CVE-2019-6111.html

https://bugzilla.suse.com/1090671

https://bugzilla.suse.com/1115550

https://bugzilla.suse.com/1119183

https://bugzilla.suse.com/1121816

https://bugzilla.suse.com/1121821

Announcement ID: SUSE-SU-2019:0941-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.