Security update for openssh SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:0125-2 Final 1 1 2019-04-29T06:02:04Z current 2019-04-29T06:02:04Z 2019-04-29T06:02:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openssh This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-125,SUSE-SLE-SAP-12-SP1-2019-125 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20190125-2/ Link for SUSE-SU-2019:0125-2 https://lists.suse.com/pipermail/sle-security-updates/2019-April/005404.html E-Mail link for SUSE-SU-2019:0125-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 https://www.suse.com/security/cve/CVE-2018-20685/ SUSE CVE CVE-2018-20685 page https://www.suse.com/security/cve/CVE-2019-6109/ SUSE CVE CVE-2019-6109 page https://www.suse.com/security/cve/CVE-2019-6110/ SUSE CVE CVE-2019-6110 page https://www.suse.com/security/cve/CVE-2019-6111/ SUSE CVE CVE-2019-6111 page SUSE Linux Enterprise Server for SAP Applications 12 SP1 openssh-6.6p1-54.26.1 openssh-askpass-gnome-6.6p1-54.26.1 openssh-cavs-6.6p1-54.26.1 openssh-fips-6.6p1-54.26.1 openssh-helpers-6.6p1-54.26.1 openssh-6.6p1-54.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 openssh-askpass-gnome-6.6p1-54.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 openssh-fips-6.6p1-54.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 openssh-helpers-6.6p1-54.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. CVE-2018-20685 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-askpass-gnome-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-fips-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-helpers-6.6p1-54.26.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190125-2/ https://www.suse.com/security/cve/CVE-2018-20685.html CVE-2018-20685 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1123220 SUSE Bug 1123220 https://bugzilla.suse.com/1131109 SUSE Bug 1131109 https://bugzilla.suse.com/1134932 SUSE Bug 1134932 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. CVE-2019-6109 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-askpass-gnome-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-fips-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-helpers-6.6p1-54.26.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190125-2/ https://www.suse.com/security/cve/CVE-2019-6109.html CVE-2019-6109 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/1144902 SUSE Bug 1144902 https://bugzilla.suse.com/1144903 SUSE Bug 1144903 https://bugzilla.suse.com/1148884 SUSE Bug 1148884 In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. CVE-2019-6110 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-askpass-gnome-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-fips-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-helpers-6.6p1-54.26.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190125-2/ https://www.suse.com/security/cve/CVE-2019-6110.html CVE-2019-6110 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). CVE-2019-6111 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-askpass-gnome-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-fips-6.6p1-54.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:openssh-helpers-6.6p1-54.26.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190125-2/ https://www.suse.com/security/cve/CVE-2019-6111.html CVE-2019-6111 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 https://bugzilla.suse.com/1123028 SUSE Bug 1123028 https://bugzilla.suse.com/1123220 SUSE Bug 1123220 https://bugzilla.suse.com/1131109 SUSE Bug 1131109 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/1144902 SUSE Bug 1144902 https://bugzilla.suse.com/1144903 SUSE Bug 1144903 https://bugzilla.suse.com/1148884 SUSE Bug 1148884 https://bugzilla.suse.com/1201840 SUSE Bug 1201840