Test Kennung:	1.3.6.1.4.1.25623.1.0.852341
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for openssh (openSUSE-SU-2019:0307-1)
Zusammenfassung:	The remote host is missing an update for the 'openssh'; package(s) announced via the openSUSE-SU-2019:0307-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the openSUSE-SU-2019:0307-1 advisory. Vulnerability Insight: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821) Other bug fixes and changes: - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested (bsc#1125687) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-307=1 Affected Software/OS: openssh on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-6109 Debian Security Information: DSA-4387 (Google Search) https://www.debian.org/security/2019/dsa-4387 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ https://security.gentoo.org/glsa/201903-16 https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html RedHat Security Advisories: RHSA-2019:3702 https://access.redhat.com/errata/RHSA-2019:3702 SuSE Security Announcement: openSUSE-SU-2019:1602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html https://usn.ubuntu.com/3885-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6111 BugTraq ID: 106741 http://www.securityfocus.com/bid/106741 https://www.exploit-db.com/exploits/46193/ FreeBSD Security Advisory: FreeBSD-EN-19:10 https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc https://bugzilla.redhat.com/show_bug.cgi?id=1677794 https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a@%3Cdev.mina.apache.org%3E http://www.openwall.com/lists/oss-security/2019/04/18/1 https://usn.ubuntu.com/3885-2/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.