Description
Security update for openssh
This update for openssh fixes the following issues:
Security issue fixed:
- CVE-2018-20685: Fixed an issue where the scp client allowed remote SSH servers to bypass intended access restrictions (bsc#1121571)
- CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816)
- CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818)
- CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821)
Package list
SUSE Enterprise Storage 4
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE OpenStack Cloud 7
References
- Link for SUSE-SU-2019:0132-1
- E-Mail link for SUSE-SU-2019:0132-1
- SUSE Security Ratings
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
- SUSE CVE CVE-2018-20685 page
- SUSE CVE CVE-2019-6109 page
- SUSE CVE CVE-2019-6110 page
- SUSE CVE CVE-2019-6111 page
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Affected products
References
- CVE-2018-20685
- SUSE Bug 1121571
- SUSE Bug 1123220
- SUSE Bug 1131109
- SUSE Bug 1134932
Description
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Affected products
References
- CVE-2019-6109
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
- SUSE Bug 1138392
- SUSE Bug 1144902
- SUSE Bug 1144903
- SUSE Bug 1148884
Description
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Affected products
References
- CVE-2019-6110
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
Description
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
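The four CVE descriptions above share one root cause: the scp client trusted object names and output that the remote server controls. The following Python block is an added illustration, not OpenSSH code and not part of this advisory, of the client-side checks those fixes introduced: rejecting empty, `.` and `..` names (CVE-2018-20685), refusing names that contain a path separator or that do not match what the client requested (CVE-2019-6111), and escaping control characters before server-supplied text reaches the terminal (CVE-2019-6109 and CVE-2019-6110). The function names, the `fnmatch`-based pattern check and the `\xNN` escaping style are assumptions; upstream OpenSSH uses its own pattern matching and vis(3)-style encoding. The sample names are constructed, not taken from real traffic.

```python
"""
Defensive checks a client could apply to object names announced by a
remote scp server. Added illustration of the advisory's four issues;
this is NOT OpenSSH's code, and the function names are assumptions.
"""
import fnmatch
import re

# Constructed sample names, as a server might announce them in a
# "C0644 <size> <name>" record. None come from real traffic.
SAMPLE_NAMES = [
    "report.txt",          # ordinary file matching the request
    "",                    # empty name (CVE-2018-20685)
    ".",                   # current directory (CVE-2018-20685)
    "..",                  # parent directory
    "../other.txt",        # path separator: directory traversal
    "\x1b[2Jnotes.txt",    # ANSI escape inside the name (CVE-2019-6109)
    "secret.key",          # not what the client asked for (CVE-2019-6111)
]

# ASCII control characters, including ESC (0x1b) and DEL (0x7f).
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def is_safe_object_name(name: str, requested_glob: str) -> bool:
    """Return True only if a server-announced name is acceptable.

    Rejects:
      * empty names, "." and ".." (the names behind CVE-2018-20685)
      * names containing a path separator (directory traversal)
      * names containing control characters (terminal injection)
      * names that do not match what the client actually requested
        (the missing check behind CVE-2019-6111; fnmatch stands in
        for OpenSSH's own pattern matching here, an assumption)
    """
    if name in ("", ".", ".."):
        return False
    if "/" in name:
        return False
    if _CONTROL_CHARS.search(name):
        return False
    return fnmatch.fnmatchcase(name, requested_glob)


def sanitize_for_terminal(text: str) -> str:
    """Escape control characters before echoing server-controlled text
    (progress-meter names, passed-through stderr) so ANSI sequences
    cannot redraw the screen. Mirrors the intent of the CVE-2019-6109
    and CVE-2019-6110 fixes; the \\xNN form is an assumption, not the
    vis(3) encoding OpenSSH uses."""
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group(0)), text)


def triage(names, requested_glob="*.txt"):
    """Split announced names into accepted and rejected lists; rejected
    names are sanitized so they can be logged safely."""
    accepted, rejected = [], []
    for n in names:
        if is_safe_object_name(n, requested_glob):
            accepted.append(n)
        else:
            rejected.append(sanitize_for_terminal(n))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_NAMES)
    print("accepted:", ok)
    print("rejected:", bad)
```

Run against the constructed list with the request `*.txt`, only `report.txt` is accepted; everything else is refused before it can touch the local filesystem or the terminal. The same two checks apply to the `-r` case described above: a subdirectory name announced by the server is just another object name and goes through `is_safe_object_name` before the client descends into it.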
Affected products
References
- CVE-2019-6111
- SUSE Bug 1121571
- SUSE Bug 1121816
- SUSE Bug 1121818
- SUSE Bug 1121821
- SUSE Bug 1123028
- SUSE Bug 1123220
- SUSE Bug 1131109
- SUSE Bug 1138392
- SUSE Bug 1144902
- SUSE Bug 1144903
- SUSE Bug 1148884
- SUSE Bug 1201840