openssh-8.4p1-7.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11124-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z openssh-8.4p1-7.4 on GA media These are all security issues fixed in the openssh-8.4p1-7.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11124 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-0225/ SUSE CVE CVE-2006-0225 page https://www.suse.com/security/cve/CVE-2007-4752/ SUSE CVE CVE-2007-4752 page https://www.suse.com/security/cve/CVE-2008-1483/ SUSE CVE CVE-2008-1483 page https://www.suse.com/security/cve/CVE-2016-10009/ SUSE CVE CVE-2016-10009 page https://www.suse.com/security/cve/CVE-2016-10010/ SUSE CVE CVE-2016-10010 page https://www.suse.com/security/cve/CVE-2016-10011/ SUSE CVE CVE-2016-10011 page https://www.suse.com/security/cve/CVE-2016-10012/ SUSE CVE CVE-2016-10012 page https://www.suse.com/security/cve/CVE-2016-8858/ SUSE CVE CVE-2016-8858 page https://www.suse.com/security/cve/CVE-2018-20685/ SUSE CVE CVE-2018-20685 page https://www.suse.com/security/cve/CVE-2019-6109/ SUSE CVE CVE-2019-6109 page https://www.suse.com/security/cve/CVE-2019-6110/ SUSE CVE CVE-2019-6110 page https://www.suse.com/security/cve/CVE-2019-6111/ SUSE CVE CVE-2019-6111 page openSUSE Tumbleweed openssh-8.4p1-7.4 openssh-cavs-8.4p1-7.4 openssh-clients-8.4p1-7.4 openssh-common-8.4p1-7.4 openssh-fips-8.4p1-7.4 openssh-helpers-8.4p1-7.4 openssh-server-8.4p1-7.4 openssh-8.4p1-7.4 as a component of openSUSE Tumbleweed openssh-cavs-8.4p1-7.4 as a component of openSUSE Tumbleweed openssh-clients-8.4p1-7.4 as a component of openSUSE Tumbleweed openssh-common-8.4p1-7.4 as a component of openSUSE Tumbleweed openssh-fips-8.4p1-7.4 as a component of openSUSE Tumbleweed openssh-helpers-8.4p1-7.4 as a component of openSUSE Tumbleweed openssh-server-8.4p1-7.4 as a component of openSUSE Tumbleweed scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. CVE-2006-0225 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0225.html CVE-2006-0225 https://bugzilla.suse.com/143435 SUSE Bug 143435 https://bugzilla.suse.com/206456 SUSE Bug 206456 ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. CVE-2007-4752 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4752.html CVE-2007-4752 https://bugzilla.suse.com/308521 SUSE Bug 308521 OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. CVE-2008-1483 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1483.html CVE-2008-1483 https://bugzilla.suse.com/1069509 SUSE Bug 1069509 https://bugzilla.suse.com/373527 SUSE Bug 373527 https://bugzilla.suse.com/585630 SUSE Bug 585630 https://bugzilla.suse.com/647633 SUSE Bug 647633 https://bugzilla.suse.com/706386 SUSE Bug 706386 Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. CVE-2016-10009 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10009.html CVE-2016-10009 https://bugzilla.suse.com/1016336 SUSE Bug 1016336 https://bugzilla.suse.com/1016366 SUSE Bug 1016366 https://bugzilla.suse.com/1016370 SUSE Bug 1016370 https://bugzilla.suse.com/1026634 SUSE Bug 1026634 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/1213504 SUSE Bug 1213504 https://bugzilla.suse.com/1217035 SUSE Bug 1217035 sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. CVE-2016-10010 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 important 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10010.html CVE-2016-10010 https://bugzilla.suse.com/1016336 SUSE Bug 1016336 https://bugzilla.suse.com/1016368 SUSE Bug 1016368 https://bugzilla.suse.com/1021751 SUSE Bug 1021751 https://bugzilla.suse.com/1196721 SUSE Bug 1196721 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. CVE-2016-10011 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 low 1 AV:L/AC:H/Au:S/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10011.html CVE-2016-10011 https://bugzilla.suse.com/1016336 SUSE Bug 1016336 https://bugzilla.suse.com/1016369 SUSE Bug 1016369 https://bugzilla.suse.com/1016370 SUSE Bug 1016370 https://bugzilla.suse.com/1017870 SUSE Bug 1017870 https://bugzilla.suse.com/1026634 SUSE Bug 1026634 https://bugzilla.suse.com/1029445 SUSE Bug 1029445 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. CVE-2016-10012 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 low 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10012.html CVE-2016-10012 https://bugzilla.suse.com/1006166 SUSE Bug 1006166 https://bugzilla.suse.com/1016336 SUSE Bug 1016336 https://bugzilla.suse.com/1016369 SUSE Bug 1016369 https://bugzilla.suse.com/1016370 SUSE Bug 1016370 https://bugzilla.suse.com/1017870 SUSE Bug 1017870 https://bugzilla.suse.com/1026634 SUSE Bug 1026634 https://bugzilla.suse.com/1035742 SUSE Bug 1035742 https://bugzilla.suse.com/1073044 SUSE Bug 1073044 https://bugzilla.suse.com/1092582 SUSE Bug 1092582 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." CVE-2016-8858 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8858.html CVE-2016-8858 https://bugzilla.suse.com/1005480 SUSE Bug 1005480 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. CVE-2018-20685 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 important 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20685.html CVE-2018-20685 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1123220 SUSE Bug 1123220 https://bugzilla.suse.com/1131109 SUSE Bug 1131109 https://bugzilla.suse.com/1134932 SUSE Bug 1134932 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. CVE-2019-6109 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6109.html CVE-2019-6109 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/1144902 SUSE Bug 1144902 https://bugzilla.suse.com/1144903 SUSE Bug 1144903 https://bugzilla.suse.com/1148884 SUSE Bug 1148884 In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. CVE-2019-6110 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6110.html CVE-2019-6110 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). CVE-2019-6111 openSUSE Tumbleweed:openssh-8.4p1-7.4 openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4 openSUSE Tumbleweed:openssh-clients-8.4p1-7.4 openSUSE Tumbleweed:openssh-common-8.4p1-7.4 openSUSE Tumbleweed:openssh-fips-8.4p1-7.4 openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4 openSUSE Tumbleweed:openssh-server-8.4p1-7.4 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6111.html CVE-2019-6111 https://bugzilla.suse.com/1121571 SUSE Bug 1121571 https://bugzilla.suse.com/1121816 SUSE Bug 1121816 https://bugzilla.suse.com/1121818 SUSE Bug 1121818 https://bugzilla.suse.com/1121821 SUSE Bug 1121821 https://bugzilla.suse.com/1123028 SUSE Bug 1123028 https://bugzilla.suse.com/1123220 SUSE Bug 1123220 https://bugzilla.suse.com/1131109 SUSE Bug 1131109 https://bugzilla.suse.com/1138392 SUSE Bug 1138392 https://bugzilla.suse.com/1144902 SUSE Bug 1144902 https://bugzilla.suse.com/1144903 SUSE Bug 1144903 https://bugzilla.suse.com/1148884 SUSE Bug 1148884 https://bugzilla.suse.com/1201840 SUSE Bug 1201840