Test Kennung:	1.3.6.1.4.1.25623.1.0.852264
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for openssh (openSUSE-SU-2019:0093-1)
Zusammenfassung:	The remote host is missing an update for the 'openssh'; package(s) announced via the openSUSE-SU-2019:0093-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the openSUSE-SU-2019:0093-1 advisory. Vulnerability Insight: This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-93=1 Affected Software/OS: openssh on openSUSE Leap 42.3. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-6109 Debian Security Information: DSA-4387 (Google Search) https://www.debian.org/security/2019/dsa-4387 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/ https://security.gentoo.org/glsa/201903-16 https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html RedHat Security Advisories: RHSA-2019:3702 https://access.redhat.com/errata/RHSA-2019:3702 SuSE Security Announcement: openSUSE-SU-2019:1602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html https://usn.ubuntu.com/3885-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6110 https://www.exploit-db.com/exploits/46193/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6111 BugTraq ID: 106741 http://www.securityfocus.com/bid/106741 FreeBSD Security Advisory: FreeBSD-EN-19:10 https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc https://bugzilla.redhat.com/show_bug.cgi?id=1677794 https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f@%3Cdev.mina.apache.org%3E https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a@%3Cdev.mina.apache.org%3E http://www.openwall.com/lists/oss-security/2019/04/18/1 https://usn.ubuntu.com/3885-2/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.