AVG-951 log

Package	openssh
Status	Fixed
Severity	High
Type	multiple issues
Affected	7.9p1-1
Fixed	8.0p1-1
Current	9.7p1-1 [core]
Ticket	None
Created	Wed Apr 24 12:42:34 2019

Issue	Severity	Remote	Type	Description
CVE-2019-6111	Medium	Yes	Arbitrary file overwrite	An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to...
CVE-2019-6109	Low	Yes	Content spoofing	An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The- Middle attacker) can...
CVE-2018-20685	High	Yes	Insufficient validation	In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

Issue

Severity

Remote

Type

Description

CVE-2019-6111

Medium

Yes

Arbitrary file overwrite

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to...

CVE-2019-6109

Low

Yes

Content spoofing

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The- Middle attacker) can...

CVE-2018-20685

High

Yes

Insufficient validation

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

Date	Advisory	Package	Type
24 Apr 2019	ASA-201904-11	openssh	multiple issues

References
https://www.openssh.com/txt/release-8.0