rpm package
opensuse/openssh&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%2015.0
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6109 | Med | 6.8 | < 7.6p1-lp150.8.9.1 | 7.6p1-lp150.8.9.1 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being | |
| CVE-2019-6111 | — | < 7.6p1-lp150.8.9.1 | 7.6p1-lp150.8.9.1 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att | ||
| CVE-2019-6110 | — | < 7.6p1-lp150.8.9.1 | 7.6p1-lp150.8.9.1 | Jan 31, 2019 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | ||
| CVE-2018-20685 | — | < 7.6p1-lp150.8.9.1 | 7.6p1-lp150.8.9.1 | Jan 10, 2019 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
- affected < 7.6p1-lp150.8.9.1fixed 7.6p1-lp150.8.9.1
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being
- CVE-2019-6111Jan 31, 2019affected < 7.6p1-lp150.8.9.1fixed 7.6p1-lp150.8.9.1
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att
- CVE-2019-6110Jan 31, 2019affected < 7.6p1-lp150.8.9.1fixed 7.6p1-lp150.8.9.1
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
- CVE-2018-20685Jan 10, 2019affected < 7.6p1-lp150.8.9.1fixed 7.6p1-lp150.8.9.1
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.