Bug 24191

Summary: openssh new security issue CVE-2018-20685
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, mageia, marja11, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK
Source RPM: openssh-7.9p1-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-01-16 13:22:37 CET 
Fedora has issued an advisory today (January 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7BTRTRMCMO3OAWZ473K42G6BN2SJWZXG/

More information is in this message:
https://www.openwall.com/lists/oss-security/2019/01/14/1

Mageia 6 is also affected.
David Walser 2019-01-16 13:22:44 CET

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2019-01-19 17:25:59 CET 
SUSE has issued an advisory for this on January 18:
http://lists.suse.com/pipermail/sle-security-updates/2019-January/005045.html

It adds a few more related CVEs.

Summary: openssh new security issue CVE-2018-20685 => openssh new security issues CVE-2018-20685, CVE-2019-6109, CVE-2019-611[01]

Comment 2 Marja Van Waes 2019-01-19 18:45:15 CET 
Sorry for taking three days to assign this security bug :-/

Assigning to the registered maintainer.

Assignee: bugsquad => guillomovitch
CC: (none) => marja11

Comment 3 David Walser 2019-02-01 19:34:05 CET 
openSUSE has issued advisories for this on January 28 and 29:
https://lists.opensuse.org/opensuse-updates/2019-01/msg00089.html
https://lists.opensuse.org/opensuse-updates/2019-01/msg00094.html
Comment 4 David Walser 2019-02-03 03:14:17 CET 
Moving CVE-2019-6109 and CVE-2019-611[01] to Bug 24308.

CVE-2018-20685 fixed in openssh-7.9p1-2.mga7 in Cauldron.

Summary: openssh new security issues CVE-2018-20685, CVE-2019-6109, CVE-2019-611[01] => openssh new security issue CVE-2018-20685
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 5 David Walser 2019-02-03 03:26:22 CET 
Patched package uploaded for Mageia 6.

Advisory:
========================

Updated openssh packages fix security vulnerability:

In OpenSSH, scp.c in the scp client allows remote SSH servers to bypass
intended access restrictions via the filename of . or an empty filename
(CVE-2018-20685).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
https://lists.opensuse.org/opensuse-updates/2019-01/msg00094.html
========================

Updated packages in core/updates_testing:
========================
openssh-7.5p1-2.3.mga6
openssh-clients-7.5p1-2.3.mga6
openssh-server-7.5p1-2.3.mga6
openssh-askpass-common-7.5p1-2.3.mga6
openssh-askpass-7.5p1-2.3.mga6
openssh-askpass-gnome-7.5p1-2.3.mga6
openssh-ldap-7.5p1-2.3.mga6

from openssh-7.5p1-2.3.mga6.src.rpm

Assignee: guillomovitch => qa-bugs

Comment 6 PC LX 2019-02-03 15:28:36 CET 
Installed and tested without issues.

Client and server tests included:
- bash terminal;
- sshfs;
- rsync;
- git;
- scp;
- sftp;

System: Mageia 6, x86_64, Intel CPU.

$ uname -a
Linux marte 4.14.89-desktop-1.mga6 #1 SMP Mon Dec 17 13:14:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep openssh | sort
openssh-7.5p1-2.3.mga6
openssh-askpass-7.5p1-2.3.mga6
openssh-askpass-common-7.5p1-2.3.mga6
openssh-askpass-qt5-2.0.3-1.mga6
openssh-clients-7.5p1-2.3.mga6
openssh-server-7.5p1-2.3.mga6

Whiteboard: (none) => MGA6-64-OK
CC: (none) => mageia

Comment 7 Thomas Andrews 2019-02-11 00:39:36 CET 
Validating. Advisory in Comment 5.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2019-02-13 03:19:18 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2019-02-13 12:10:30 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0067.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED