SUSE-SU-2019:1524-1 -- SLES opensshID: oval:org.secpod.oval:def:89003343 | Date: (C)2021-02-27 (M)2023-03-29 |
Class: PATCH | Family: unix |
This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers . - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server . Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP . - Returned proper reason for port forwarding failures . - Fixed a double free in the KDF CAVS testing tool .
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP4 |