Security update for openssh SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1602-1 Final 1 1 2019-06-24T10:18:21Z current 2019-06-24T10:18:21Z 2019-06-24T10:18:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssh This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html E-Mail link for openSUSE-SU-2019:1602-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 openssh-7.2p2-35.1 openssh-askpass-gnome-7.2p2-35.1 openssh-cavs-7.2p2-35.1 openssh-fips-7.2p2-35.1 openssh-helpers-7.2p2-35.1 openssh-7.2p2-35.1 as a component of openSUSE Leap 42.3 openssh-askpass-gnome-7.2p2-35.1 as a component of openSUSE Leap 42.3 openssh-cavs-7.2p2-35.1 as a component of openSUSE Leap 42.3 openssh-fips-7.2p2-35.1 as a component of openSUSE Leap 42.3 openssh-helpers-7.2p2-35.1 as a component of openSUSE Leap 42.3 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. CVE-2019-6109 openSUSE Leap 42.3:openssh-7.2p2-35.1 openSUSE Leap 42.3:openssh-askpass-gnome-7.2p2-35.1 openSUSE Leap 42.3:openssh-cavs-7.2p2-35.1 openSUSE Leap 42.3:openssh-fips-7.2p2-35.1 openSUSE Leap 42.3:openssh-helpers-7.2p2-35.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html https://www.suse.com/security/cve/CVE-2019-6109.html CVE-2019-6109 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/1144902 SUSE Bug 1144902 https://bugzilla.suse.com/1144903 SUSE Bug 1144903 https://bugzilla.suse.com/1148884 SUSE Bug 1148884 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). CVE-2019-6111 openSUSE Leap 42.3:openssh-7.2p2-35.1 openSUSE Leap 42.3:openssh-askpass-gnome-7.2p2-35.1 openSUSE Leap 42.3:openssh-cavs-7.2p2-35.1 openSUSE Leap 42.3:openssh-fips-7.2p2-35.1 openSUSE Leap 42.3:openssh-helpers-7.2p2-35.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html https://www.suse.com/security/cve/CVE-2019-6111.html CVE-2019-6111 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 https://bugzilla.suse.com/1123028 SUSE Bug 1123028 https://bugzilla.suse.com/1123220 SUSE Bug 1123220 https://bugzilla.suse.com/1131109 SUSE Bug 1131109 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/1144902 SUSE Bug 1144902 https://bugzilla.suse.com/1144903 SUSE Bug 1144903 https://bugzilla.suse.com/1148884 SUSE Bug 1148884