Oval Definition:	oval:org.opensuse.security:def:56829
Revision Date: 2020-12-01 Version: 1 Title: Security update for openssh (Moderate) Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Family: unix Class: patch Status: Reference(s): 1002991 1002995 1002998 1003000 1003002 1003012 1003017 1003023 1032089 1037008 1037009 1052311 1052368 1055962 1057514 1059100 1059134 1059139 1065237 1076500 1079869 1083625 1090671 1092885 1118597 1119183 1121816 1121821 1130246 1131709 1155787 1158328 1160968 1161167 1163985 812259 855062 867583 899908 902606 924919 927841 935087 937261 937444 938577 940338 940946 941363 942476 943989 944749 945649 947953 949440 949936 950292 950437 951199 951392 951615 952579 952976 954992 955118 955354 955654 956514 956708 957525 957988 957990 958463 958886 958951 959090 959146 959190 959257 959364 959399 959436 959463 959629 960221 960227 960281 960300 960382 961202 961257 961500 961509 961516 961588 961971 962336 962356 962788 962965 963449 963572 963765 963767 963825 964230 964821 965344 965840 968849 993302 993313 CVE-2013-7446 CVE-2014-4362 CVE-2015-0272 CVE-2015-3310 CVE-2015-5707 CVE-2015-7550 CVE-2015-7799 CVE-2015-7830 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8569 CVE-2015-8575 CVE-2015-8660 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2015-8767 CVE-2015-8785 CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-0723 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2016-2069 CVE-2016-2098 CVE-2016-5407 CVE-2016-6316 CVE-2016-6317 CVE-2016-7942 CVE-2016-7944 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7949 CVE-2016-7950 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 CVE-2017-1000112 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 CVE-2017-2518 CVE-2017-5715 CVE-2018-1064 CVE-2018-19870 CVE-2018-19872 CVE-2018-3639 CVE-2018-5748 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-6109 CVE-2019-6111 CVE-2020-0569 CVE-2020-1720 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 SUSE-SU-2016:0109-1 SUSE-SU-2016:0585-1 SUSE-SU-2016:2505-1 SUSE-SU-2017:0474-1 SUSE-SU-2017:2440-1 SUSE-SU-2017:2716-1 SUSE-SU-2018:2082-1 SUSE-SU-2018:3640-2 SUSE-SU-2019:1524-1 SUSE-SU-2019:3050-1 SUSE-SU-2019:3347-1 SUSE-SU-2020:0318-1 SUSE-SU-2020:0586-1 SUSE-SU-2020:0628-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND cups-filters-1.20.3-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libopenssl-1_0_0-devel-1.0.2p-lp151.5.3 is installed OR libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-cavs-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-doc-1.0.2p-lp151.5.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information openssh-7.2p2-74.42 is installed OR openssh-askpass-gnome-7.2p2-74.42 is installed OR openssh-helpers-7.2p2-74.42 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libarchive-3.1.2-26.3 is installed OR libarchive13-3.1.2-26.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libX11-1.6.2-6 is installed OR libX11-6-1.6.2-6 is installed OR libX11-6-32bit-1.6.2-6 is installed OR libX11-data-1.6.2-6 is installed OR libX11-xcb1-1.6.2-6 is installed OR libX11-xcb1-32bit-1.6.2-6 is installed OR libXfixes-5.0.1-5 is installed OR libXfixes3-5.0.1-5 is installed OR libXfixes3-32bit-5.0.1-5 is installed OR libXi-1.7.4-12 is installed OR libXi6-1.7.4-12 is installed OR libXi6-32bit-1.7.4-12 is installed OR libXrandr-1.4.2-5 is installed OR libXrandr2-1.4.2-5 is installed OR libXrandr2-32bit-1.4.2-5 is installed OR libXrender-0.9.8-5 is installed OR libXrender1-0.9.8-5 is installed OR libXrender1-32bit-0.9.8-5 is installed OR libXtst-1.2.2-5 is installed OR libXtst6-1.2.2-5 is installed OR libXtst6-32bit-1.2.2-5 is installed OR libXv-1.0.10-5 is installed OR libXv1-1.0.10-5 is installed OR libXv1-32bit-1.0.10-5 is installed OR libXvMC-1.0.8-5 is installed OR libXvMC1-1.0.8-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_69-60_64_32-default-6-2 is installed OR kgraft-patch-3_12_69-60_64_32-xen-6-2 is installed OR kgraft-patch-SLE12-SP1_Update_13-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND davfs2-1.5.2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libwireshark9-2.4.9-48.29 is installed OR libwiretap7-2.4.9-48.29 is installed OR libwscodecs1-2.4.9-48.29 is installed OR libwsutil8-2.4.9-48.29 is installed OR wireshark-2.4.9-48.29 is installed OR wireshark-gtk-2.4.9-48.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libopenssl-devel-1.0.2j-60.30 is installed OR libopenssl1_0_0-1.0.2j-60.30 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed OR openssl-1.0.2j-60.30 is installed OR openssl-doc-1.0.2j-60.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information xen-4.7.6_05-43.42 is installed OR xen-doc-html-4.7.6_05-43.42 is installed OR xen-libs-4.7.6_05-43.42 is installed OR xen-libs-32bit-4.7.6_05-43.42 is installed OR xen-tools-4.7.6_05-43.42 is installed OR xen-tools-domU-4.7.6_05-43.42 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libfreebl3-3.29.5-57 is installed OR libfreebl3-32bit-3.29.5-57 is installed OR libfreebl3-hmac-3.29.5-57 is installed OR libfreebl3-hmac-32bit-3.29.5-57 is installed OR libsoftokn3-3.29.5-57 is installed OR libsoftokn3-32bit-3.29.5-57 is installed OR libsoftokn3-hmac-3.29.5-57 is installed OR libsoftokn3-hmac-32bit-3.29.5-57 is installed OR mozilla-nss-3.29.5-57 is installed OR mozilla-nss-32bit-3.29.5-57 is installed OR mozilla-nss-certs-3.29.5-57 is installed OR mozilla-nss-certs-32bit-3.29.5-57 is installed OR mozilla-nss-sysinit-3.29.5-57 is installed OR mozilla-nss-sysinit-32bit-3.29.5-57 is installed OR mozilla-nss-tools-3.29.5-57 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND clamav-0.100.3-33.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libvirt-3.3.0-5.40 is installed OR libvirt-admin-3.3.0-5.40 is installed OR libvirt-client-3.3.0-5.40 is installed OR libvirt-daemon-3.3.0-5.40 is installed OR libvirt-daemon-config-network-3.3.0-5.40 is installed OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed OR libvirt-daemon-driver-network-3.3.0-5.40 is installed OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed OR libvirt-daemon-hooks-3.3.0-5.40 is installed OR libvirt-daemon-lxc-3.3.0-5.40 is installed OR libvirt-daemon-qemu-3.3.0-5.40 is installed OR libvirt-daemon-xen-3.3.0-5.40 is installed OR libvirt-doc-3.3.0-5.40 is installed OR libvirt-libs-3.3.0-5.40 is installed OR libvirt-lock-sanlock-3.3.0-5.40 is installed OR libvirt-nss-3.3.0-5.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information xen-4.9.4_06-3.62 is installed OR xen-doc-html-4.9.4_06-3.62 is installed OR xen-libs-4.9.4_06-3.62 is installed OR xen-libs-32bit-4.9.4_06-3.62 is installed OR xen-tools-4.9.4_06-3.62 is installed OR xen-tools-domU-4.9.4_06-3.62 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libsaml8-2.5.5-3.3 is installed OR opensaml-bin-2.5.5-3.3 is installed OR opensaml-schemas-2.5.5-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3 is installed OR ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3 is installed OR ruby2.1-rubygem-actionview-4_2-4.2.9-9.3 is installed OR ruby2.1-rubygem-activejob-4_2-4.2.9-3.3 is installed OR ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3 is installed OR ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3 is installed OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3 is installed OR ruby2.1-rubygem-rails-4_2-4.2.9-3.3 is installed OR ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3 is installed OR ruby2.1-rubygem-railties-4_2-4.2.9-3.3 is installed OR rubygem-actionmailer-4_2-4.2.9-3.3 is installed OR rubygem-actionpack-4_2-4.2.9-7.3 is installed OR rubygem-actionview-4_2-4.2.9-9.3 is installed OR rubygem-activejob-4_2-4.2.9-3.3 is installed OR rubygem-activemodel-4_2-4.2.9-6.3 is installed OR rubygem-activerecord-4_2-4.2.9-6.3 is installed OR rubygem-activesupport-4_2-4.2.9-7.3 is installed OR rubygem-rails-4_2-4.2.9-3.3 is installed OR rubygem-rails-html-sanitizer-1.0.3-8.3 is installed OR rubygem-railties-4_2-4.2.9-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information postgresql96-9.6.15-3.29 is installed OR postgresql96-contrib-9.6.15-3.29 is installed OR postgresql96-docs-9.6.15-3.29 is installed OR postgresql96-libs-9.6.15-3.29 is installed OR postgresql96-plperl-9.6.15-3.29 is installed OR postgresql96-plpython-9.6.15-3.29 is installed OR postgresql96-pltcl-9.6.15-3.29 is installed OR postgresql96-server-9.6.15-3.29 is installed
BACK