Security update for jsch
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:0715-1
Final
1
1
2017-03-17T07:36:39Z
current
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for jsch
This update for jsch to version 0.1.54 fixes the following issues:
Security issues fixed:
- CVE-2016-5725: client-side path traversal on Windows in recursive sftp get (bsc#997542).
Bugfixes:
- sftp-put may send garbage data in some rare cases.
- fixed a deadlock bug in KnownHosts#getHostKey().
- SftpProgressMonitor#init() was not invoked in sftp-put by using the output-stream.
- KnownHosts#setKnownHosts() should accept a non-existent file.
- excluding the user interaction time from the timeout value.
- addressing SFTP slow file transfer speed with Titan FTP.
- updating copyright messages; 2015 -> 2016
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SUSE-Manager-Server-3.0-2017-391
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20170715-1/
Link for SUSE-SU-2017:0715-1
https://lists.suse.com/pipermail/sle-security-updates/2017-March/002702.html
E-Mail link for SUSE-SU-2017:0715-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/997542
SUSE Bug 997542
https://www.suse.com/security/cve/CVE-2016-5725/
SUSE CVE CVE-2016-5725 page
SUSE Manager Server 3.0
jsch-0.1.54-3.1
jsch-0.1.54-3.1 as a component of SUSE Manager Server 3.0
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVE-2016-5725
SUSE Manager Server 3.0:jsch-0.1.54-3.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/security/cve/CVE-2016-5725.html
CVE-2016-5725