Oval Definition:	oval:org.opensuse.security:def:59892
Revision Date: 2020-12-01 Version: 1 Title: Security update for openssh (Moderate) Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Family: unix Class: patch Status: Reference(s): 1033109 1033111 1033112 1033113 1033118 1033120 1033126 1033127 1033128 1033129 1033131 1038438 1042804 1042805 1065237 1077358 1090671 1099510 1101288 1119183 1119947 1121816 1121821 1130721 1131709 1136021 1136446 1137597 1140747 1141322 1144903 1148987 1153108 1153158 1153161 1158527 1159819 1159913 1165439 1165631 1174628 925502 995352 CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-2775 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-10371 CVE-2016-3119 CVE-2016-3120 CVE-2016-6893 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2018-0618 CVE-2018-13796 CVE-2018-16884 CVE-2018-5950 CVE-2019-10220 CVE-2019-11477 CVE-2019-11477 CVE-2019-11478 CVE-2019-11478 CVE-2019-11745 CVE-2019-13627 CVE-2019-17006 CVE-2019-17133 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-3846 CVE-2019-3846 CVE-2019-5108 CVE-2019-6109 CVE-2019-6111 CVE-2020-14344 CVE-2020-1747 CVE-2020-1749 SUSE-SU-2017:2569-1 SUSE-SU-2018:4296-1 SUSE-SU-2019:1610-1 SUSE-SU-2019:2510-1 SUSE-SU-2020:0088-1 SUSE-SU-2020:1285-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information libblkid1-2.31.1-lp150.6 is installed OR libblkid1-32bit-2.31.1-lp150.6 is installed OR libfdisk1-2.31.1-lp150.6 is installed OR libmount1-2.31.1-lp150.6 is installed OR libsmartcols1-2.31.1-lp150.6 is installed OR libuuid1-2.31.1-lp150.6 is installed OR libuuid1-32bit-2.31.1-lp150.6 is installed OR util-linux-2.31.1-lp150.6 is installed OR util-linux-lang-2.31.1-lp150.6 is installed OR util-linux-systemd-2.31.1-lp150.6 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libu2f-host-1.1.6-lp151.2.6 is installed OR libu2f-host-devel-1.1.6-lp151.2.6 is installed OR libu2f-host-doc-1.1.6-lp151.2.6 is installed OR libu2f-host0-1.1.6-lp151.2.6 is installed OR pam_u2f-1.0.8-lp151.2.3 is installed OR u2f-host-1.1.6-lp151.2.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information openssh-7.2p2-74.42 is installed OR openssh-askpass-gnome-7.2p2-74.42 is installed OR openssh-fips-7.2p2-74.42 is installed OR openssh-helpers-7.2p2-74.42 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information krb5-1.12.5-39 is installed OR krb5-32bit-1.12.5-39 is installed OR krb5-client-1.12.5-39 is installed OR krb5-doc-1.12.5-39 is installed OR krb5-plugin-kdb-ldap-1.12.5-39 is installed OR krb5-plugin-preauth-otp-1.12.5-39 is installed OR krb5-plugin-preauth-pkinit-1.12.5-39 is installed OR krb5-server-1.12.5-39 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information dovecot22-2.2.31-19.17 is installed OR dovecot22-backend-mysql-2.2.31-19.17 is installed OR dovecot22-backend-pgsql-2.2.31-19.17 is installed OR dovecot22-backend-sqlite-2.2.31-19.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_156-94_64-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_20-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_162-94_72-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_22-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libblkid1-2.29.2-3.12 is installed OR libblkid1-32bit-2.29.2-3.12 is installed OR libfdisk1-2.29.2-3.12 is installed OR libmount1-2.29.2-3.12 is installed OR libmount1-32bit-2.29.2-3.12 is installed OR libsmartcols1-2.29.2-3.12 is installed OR libuuid1-2.29.2-3.12 is installed OR libuuid1-32bit-2.29.2-3.12 is installed OR python-libmount-2.29.2-3.12 is installed OR util-linux-2.29.2-3.12 is installed OR util-linux-lang-2.29.2-3.12 is installed OR util-linux-systemd-2.29.2-3.12 is installed OR uuidd-2.29.2-3.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND dosfstools-3.0.26-6 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libgcrypt-1.6.1-16.68 is installed OR libgcrypt20-1.6.1-16.68 is installed OR libgcrypt20-32bit-1.6.1-16.68 is installed OR libgcrypt20-hmac-1.6.1-16.68 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-Django1-1.11.23-3.9 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information python-PyYAML-5.1.2-26.12 is installed OR python3-PyYAML-5.1.2-26.12 is installed
BACK