Oval Definition:oval:org.opensuse.security:def:51792
Revision Date:2020-12-01Version:1
Title:Security update for openssh (Moderate)
Description:

This update for openssh fixes the following issues:

Security vulnerabilities addressed:

- CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821)

Other bug fixes and changes:

- Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested (bsc#1125687)
Family:unixClass:patch
Status:Reference(s):1092206
1121816
1121821
1122623
1122842
1125330
1125687
1129821
1130262
1141320
1146090
1146091
1146093
1146094
1146095
1146097
1146099
1146100
1160850
1160852
1160888
1160968
1172356
1173998
1174543
CVE-2010-2529
CVE-2011-0460
CVE-2011-3172
CVE-2013-6418
CVE-2013-6487
CVE-2014-1829
CVE-2014-1830
CVE-2014-3775
CVE-2015-2296
CVE-2018-11803
CVE-2018-18335
CVE-2018-18356
CVE-2018-18506
CVE-2018-18509
CVE-2019-14902
CVE-2019-14907
CVE-2019-19344
CVE-2019-3816
CVE-2019-3833
CVE-2019-5785
CVE-2019-6109
CVE-2019-6111
CVE-2019-9511
CVE-2019-9512
CVE-2019-9513
CVE-2019-9514
CVE-2019-9515
CVE-2019-9516
CVE-2019-9517
CVE-2019-9518
CVE-2019-9788
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9801
CVE-2019-9810
CVE-2019-9813
CVE-2020-13753
CVE-2020-2583
CVE-2020-2590
CVE-2020-2593
CVE-2020-2601
CVE-2020-2604
CVE-2020-2654
CVE-2020-2659
CVE-2020-9802
CVE-2020-9803
CVE-2020-9805
CVE-2020-9806
CVE-2020-9807
CVE-2020-9843
CVE-2020-9850
SUSE-SU-2019:0195-1
SUSE-SU-2019:0496-1
SUSE-SU-2019:0654-1
SUSE-SU-2019:0853-1
SUSE-SU-2019:2259-1
SUSE-SU-2020:0223-1
SUSE-SU-2020:0231-1
SUSE-SU-2020:1990-1
SUSE-SU-2020:2158-1
Platform(s):openSUSE Leap 15.0
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Python2 packages 15 SP1
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Workstation Extension 15
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND cifs-utils-6.5-lp150.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-24.8.0esr-0.8 is installed
  • OR MozillaFirefox-translations-24.8.0esr-0.8 is installed
  • OR libfreebl3-3.16.4-0.8 is installed
  • OR libfreebl3-32bit-3.16.4-0.8 is installed
  • OR libsoftokn3-3.16.4-0.8 is installed
  • OR libsoftokn3-32bit-3.16.4-0.8 is installed
  • OR mozilla-nspr-4.10.7-0.3 is installed
  • OR mozilla-nspr-32bit-4.10.7-0.3 is installed
  • OR mozilla-nss-3.16.4-0.8 is installed
  • OR mozilla-nss-32bit-3.16.4-0.8 is installed
  • OR mozilla-nss-tools-3.16.4-0.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • libtiff3-3.8.2-141.163 is installed
  • OR libtiff3-32bit-3.8.2-141.163 is installed
  • OR tiff-3.8.2-141.163 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND iputils-s20121221-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND libgadu3-1.11.4-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND kbd-1.15.5-8.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • krb5-1.12.5-39 is installed
  • OR krb5-32bit-1.12.5-39 is installed
  • OR krb5-client-1.12.5-39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • fuse-2.9.3-6.3 is installed
  • OR libfuse2-2.9.3-6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND Package Information
  • openssh-7.6p1-9.23 is installed
  • OR openssh-cavs-7.6p1-9.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
  • AND Package Information
  • libsamba-policy0-4.9.5+git.243.e76c5cb3d97-3.21 is installed
  • OR samba-4.9.5+git.243.e76c5cb3d97-3.21 is installed
  • OR samba-ad-dc-4.9.5+git.243.e76c5cb3d97-3.21 is installed
  • OR samba-dsdb-modules-4.9.5+git.243.e76c5cb3d97-3.21 is installed
  • OR samba-libs-python-4.9.5+git.243.e76c5cb3d97-3.21 is installed
  • OR samba-python-4.9.5+git.243.e76c5cb3d97-3.21 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • subversion-1.10.0-3.3 is installed
  • OR subversion-server-1.10.0-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • xen-4.12.3_06-3.25 is installed
  • OR xen-devel-4.12.3_06-3.25 is installed
  • OR xen-tools-4.12.3_06-3.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 is installed
  • AND Package Information
  • nodejs10-10.16.3-1.12 is installed
  • OR nodejs10-devel-10.16.3-1.12 is installed
  • OR nodejs10-docs-10.16.3-1.12 is installed
  • OR npm10-10.16.3-1.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libXi6-1.7.4-9 is installed
  • OR libXi6-32bit-1.7.4-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_85-default-9-2 is installed
  • OR kgraft-patch-3_12_74-60_64_85-xen-9-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_26-9-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libvncclient0-0.9.9-16 is installed
  • OR libvncserver0-0.9.9-16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-devel-52.9.0esr-109.38 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • xen-4.7.6_04-43.39 is installed
  • OR xen-doc-html-4.7.6_04-43.39 is installed
  • OR xen-libs-4.7.6_04-43.39 is installed
  • OR xen-libs-32bit-4.7.6_04-43.39 is installed
  • OR xen-tools-4.7.6_04-43.39 is installed
  • OR xen-tools-domU-4.7.6_04-43.39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kernel-default-4.4.121-92.92 is installed
  • OR kernel-default-base-4.4.121-92.92 is installed
  • OR kernel-default-devel-4.4.121-92.92 is installed
  • OR kernel-default-man-4.4.121-92.92 is installed
  • OR kernel-devel-4.4.121-92.92 is installed
  • OR kernel-macros-4.4.121-92.92 is installed
  • OR kernel-source-4.4.121-92.92 is installed
  • OR kernel-syms-4.4.121-92.92 is installed
  • OR kgraft-patch-4_4_121-92_92-default-1-3.7 is installed
  • OR kgraft-patch-SLE12-SP2_Update_24-1-3.7 is installed
  • OR lttng-modules-2.7.1-9.4 is installed
  • OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • automake-1.13.4-6 is installed
  • OR m4-1.4.16-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libsqlite3-0-3.8.10.2-9.15 is installed
  • OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed
  • OR sqlite3-3.8.10.2-9.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_178-94_91-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_25-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND binutils-2.31-9.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.3-3.57 is installed
  • OR libwebkit2gtk-4_0-37-2.28.3-3.57 is installed
  • OR libwebkit2gtk3-lang-2.28.3-3.57 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.3-3.57 is installed
  • OR webkit2gtk3-2.28.3-3.57 is installed
  • OR webkit2gtk3-devel-2.28.3-3.57 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • MozillaThunderbird-60.6.1-3.28 is installed
  • OR MozillaThunderbird-translations-common-60.6.1-3.28 is installed
  • OR MozillaThunderbird-translations-other-60.6.1-3.28 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • dnsmasq-2.71-13 is installed
  • OR dnsmasq-utils-2.71-13 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • MozillaFirefox-60.3.0-109.50 is installed
  • OR MozillaFirefox-devel-60.3.0-109.50 is installed
  • OR MozillaFirefox-translations-common-60.3.0-109.50 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.100 is installed
  • OR kernel-default-base-4.4.180-94.100 is installed
  • OR kernel-default-devel-4.4.180-94.100 is installed
  • OR kernel-devel-4.4.180-94.100 is installed
  • OR kernel-macros-4.4.180-94.100 is installed
  • OR kernel-source-4.4.180-94.100 is installed
  • OR kernel-syms-4.4.180-94.100 is installed
  • OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-sprockets-2_12-2.12.5-1.4 is installed
  • OR rubygem-sprockets-2_12-2.12.5-1.4 is installed
    • BACK