Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.4117
openssh security, bug fix, and enhancement update
6 November 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openssh
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 8
Red Hat Enterprise Linux WS/Desktop 8
Impact/Access: Overwrite Arbitrary Files -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-6111 CVE-2019-6109 CVE-2018-20685
Reference: ASB-2019.0300
ASB-2019.0124
ESB-2019.3795
ESB-2019.2671
Original Bulletin:
https://access.redhat.com/errata/RHSA-2019:3702
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2019:3702-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3702
Issue date: 2019-11-05
CVE Names: CVE-2018-20685 CVE-2019-6109 CVE-2019-6111
=====================================================================
1. Summary:
An update for openssh is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
OpenSSH is an SSH protocol implementation supported by a number of Linux,
UNIX, and similar operating systems. It includes the core files necessary
for both the OpenSSH client and server.
The following packages have been upgraded to a later upstream version:
openssh (8.0p1). (BZ#1691045)
Security Fix(es):
* openssh: scp client improper directory name validation (CVE-2018-20685)
* openssh: Improper validation of object names allows malicious server to
overwrite files via scp client (CVE-2019-6111)
* openssh: Missing character encoding in progress display allows for
spoofing of scp client output (CVE-2019-6109)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the OpenSSH server daemon (sshd) will be
restarted automatically.
5. Bugs fixed (https://bugzilla.redhat.com/):
1665785 - CVE-2018-20685 openssh: scp client improper directory name validation
1666119 - CVE-2019-6109 openssh: Missing character encoding in progress display allows for spoofing of scp client output
1666127 - CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client
1667519 - ssh-copy-id hangs when the remote system is out of space
1668325 - openssh - man pages do not mention crypto-policies
1683295 - Kerberos cleanup procedures do not work with GSSAPIDelegateCredentials and default ccache from krb5.conf
1685096 - In FIPS mode, during DH group exchange, OpenSSH client should validate the received moduli, making sure it is one of the known groups.
1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0
1691045 - Rebase OpenSSH to latest release (8.0p1?)
1707485 - Use high-level API to do signatures
1712436 - MD5 is used when writing password protected PEM
1732424 - ssh-keygen -A fails in FIPS mode because of DSA key
1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64:
openssh-askpass-8.0p1-3.el8.aarch64.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-debugsource-8.0p1-3.el8.aarch64.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm
ppc64le:
openssh-askpass-8.0p1-3.el8.ppc64le.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-debugsource-8.0p1-3.el8.ppc64le.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm
s390x:
openssh-askpass-8.0p1-3.el8.s390x.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-debugsource-8.0p1-3.el8.s390x.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm
x86_64:
openssh-askpass-8.0p1-3.el8.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-debugsource-8.0p1-3.el8.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
openssh-8.0p1-3.el8.src.rpm
aarch64:
openssh-8.0p1-3.el8.aarch64.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-cavs-8.0p1-3.el8.aarch64.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-clients-8.0p1-3.el8.aarch64.rpm
openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-debugsource-8.0p1-3.el8.aarch64.rpm
openssh-keycat-8.0p1-3.el8.aarch64.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-ldap-8.0p1-3.el8.aarch64.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm
openssh-server-8.0p1-3.el8.aarch64.rpm
openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm
pam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm
ppc64le:
openssh-8.0p1-3.el8.ppc64le.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-cavs-8.0p1-3.el8.ppc64le.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-clients-8.0p1-3.el8.ppc64le.rpm
openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-debugsource-8.0p1-3.el8.ppc64le.rpm
openssh-keycat-8.0p1-3.el8.ppc64le.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-ldap-8.0p1-3.el8.ppc64le.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm
openssh-server-8.0p1-3.el8.ppc64le.rpm
openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm
pam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm
s390x:
openssh-8.0p1-3.el8.s390x.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-cavs-8.0p1-3.el8.s390x.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-clients-8.0p1-3.el8.s390x.rpm
openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-debugsource-8.0p1-3.el8.s390x.rpm
openssh-keycat-8.0p1-3.el8.s390x.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-ldap-8.0p1-3.el8.s390x.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm
openssh-server-8.0p1-3.el8.s390x.rpm
openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm
pam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm
x86_64:
openssh-8.0p1-3.el8.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-cavs-8.0p1-3.el8.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-clients-8.0p1-3.el8.x86_64.rpm
openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-debugsource-8.0p1-3.el8.x86_64.rpm
openssh-keycat-8.0p1-3.el8.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-ldap-8.0p1-3.el8.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm
openssh-server-8.0p1-3.el8.x86_64.rpm
openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-20685
https://access.redhat.com/security/cve/CVE-2019-6109
https://access.redhat.com/security/cve/CVE-2019-6111
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1
dPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8
ArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2
MhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X
QCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT
pILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL
IyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU
+gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR
rIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH
rt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8
TZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8
I+am8dhVlyM=
=iPw4
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXcIlLWaOgq3Tt24GAQgwuw//eroFb7HYJb0LhNNeHGvFYOUUl0tt1JL7
/vdTeIiZEyLZgWJmckur2rDJIac428jAFJ2reS89+4Qy+dQ9U91Tl3vfEWJO4nzH
xBIi272OtpS6RYc22Jf1pCuxE5SIn9v/+82SDR++CxpbEhU+OpPj3NquSM5b6ibL
/op4u2qbzQZKGc422YenCj66758vIh8jlQD6I9iKgf2FMsvXdA+VVTVpewf7/C6M
+hk5IVl4D8KZaCPaEN6GyonHa6cVCUt84kphiJmpyHAN6ZlfcCEULxL6n1EKGWzi
jOEJOBGjECn6za7XRST3LHgmVCfh1u0TUO3zheUeVfsNYubm7PasuPqHJMOMLNRm
TncTS0G0cc4Fuz5PLNODlkASn1cQsXnH8uxwcWhSbo6/pHZdzLliPudl8WUO66w/
KERfK5RV+3cbDhQYh7lfdKhzYXjYXSYiW6RqmUPoSCxXBu1ZbjuGS+8c7MGIbxGi
7VvsHsl38yTbXcYLdyzRhzKQWGbzeYup4SxfibY19+n5LcOTXOZEUFbIRKfeLDfk
YjV/x2VaUg5yroS2yHeUAMLoY/bYK+l/xQYLL60n1xMBTycsRLSKHxF6pwFAheZW
zJZNEqyq2YGQ5KrqMVP9G2Y1NA4GWVfSgu06r1bHFrrfMmeFtIWOR1f4WImafO8Y
ianC7Cxnu4I=
=S8QG
-----END PGP SIGNATURE-----