Oval Definition:oval:org.opensuse.security:def:80753
Revision Date:2019-06-17Version:1
Title:Security update for openssh (Moderate)
Description:

This update for openssh fixes the following issues:

Security vulnerabilities addressed:

- CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821).

Other issues fixed:

- Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237).
Family:unixClass:patch
Status:Reference(s):1065237
1090671
1119183
1121816
1121821
1131709
CVE-2019-6109
CVE-2019-6111
SUSE-SU-2019:1524-1
Platform(s):SUSE OpenStack Cloud 7
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • openssh-7.2p2-74.42.8 is installed
  • OR openssh-askpass-gnome-7.2p2-74.42.10 is installed
  • OR openssh-fips-7.2p2-74.42.8 is installed
  • OR openssh-helpers-7.2p2-74.42.8 is installed
    • BACK