AVG-951

Package openssh
Status Fixed
Severity High
Type multiple issues
Affected 7.9p1-1
Fixed 8.0p1-1
Current 8.0p1-2 [core]
Ticket None
Created Wed Apr 24 12:42:34 2019
Issue Severity Remote Type Description
CVE-2019-6111 Medium Yes Arbitrary file overwrite
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to...
CVE-2019-6109 Low Yes Content spoofing
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The- Middle attacker) can...
CVE-2018-20685 High Yes Insufficient validation
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
Date Advisory Package Description
24 Apr 2019 ASA-201904-11 openssh multiple issues
References
https://www.openssh.com/txt/release-8.0