Source: openssh
Version: 1:7.9p1-4
Severity: important
Tags: patch security upstream
Control: found -1 1:7.4p1-10
Control: found -1 1:7.4p1-10+deb9u4

Hi,

The following vulnerability was published for openssh.

CVE-2018-20685[0]:
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to
| bypass intended access restrictions via the filename of . or an empty
| filename.

More information is found in [1], where upstream fixed it in [2].

There are related issues described in [1] which I explicitly do not track in this bug as they are not yet addressed upstream (and I did not want to mix reports). They are described in [1] as issues #2, #3 and #4 and got their own CVEs (CVE-2019-6109, CVE-2019-6110, CVE-2019-6111). Not sure if upstream intends to address those as well.

The described vulnerabilities would require that a victim accepts the wrong host fingerprint of a man-in-the-middle attacker server, though.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20685
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
[1] https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
[2] https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
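
The class of check CVE-2018-20685 concerns, as an added example (not code from scp.c or from this report): a client-side parser for scp `C`/`D` control records that refuses an empty name or `.`, and, going slightly beyond the CVE text, also `..` and any name containing `/`. The simplified record layout and the names `scp_record`, `name_is_safe` and `parse_scp_record` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type for this example; not a structure from scp.c. */
struct scp_record {
    char type;                /* 'C' = file, 'D' = directory */
    unsigned int mode;        /* permission bits from four octal digits */
    unsigned long long size;  /* announced length in bytes */
    const char *name;         /* points into the caller's line buffer */
};

/* A name sent by the server must be one path component inside the target
 * directory: not empty, not "." or "..", and without any '/'. */
static int name_is_safe(const char *name)
{
    return *name != '\0' && strchr(name, '/') == NULL &&
        strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Parse "C<mode> <size> <name>" or "D<mode> <size> <name>" (trailing newline
 * already stripped; assumed layout). Returns 0 on success, -1 if the record
 * is malformed, -2 if the server-supplied name must be refused. */
int parse_scp_record(const char *line, struct scp_record *out)
{
    const char *p = line;
    char *end;
    int i;

    if (*p != 'C' && *p != 'D')
        return -1;
    out->type = *p++;
    for (out->mode = 0, i = 0; i < 4; i++, p++) {
        if (*p < '0' || *p > '7')
            return -1;
        out->mode = (out->mode << 3) | (unsigned int)(*p - '0');
    }
    if (*p++ != ' ')
        return -1;
    if (*p < '0' || *p > '9')   /* strtoull would accept sign/whitespace */
        return -1;
    out->size = strtoull(p, &end, 10);
    if (*end != ' ')
        return -1;
    out->name = end + 1;
    return name_is_safe(out->name) ? 0 : -2;
}
```

A caller should treat `-2` as a protocol violation by the server and abort the transfer rather than skip the entry.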