CRUX

Welcome to CRUX bug tracking.
Tasklist

FS#1711 - openssh: CVE-2018-20685

Attached to Project: CRUX
Opened by Predrag Ivanovic (pedja) - Monday, 14 January 2019, 13:40 GMT
Last edited by Thomas Penteker (teK) - Wednesday, 16 January 2019, 22:10 GMT
Task Type Bug Report
Category ports
Status Closed
Assigned To CRUX Developers (crux)
Operating System CRUX
Severity High
Priority High
Reported Version 3.4
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

From https://security-tracker.debian.org/tracker/CVE-2018-20685
"In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers
to bypass intended access restrictions via the filename of . or an empty filename."

Upstream commit:
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
More info:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
This task depends upon

Closed by  Thomas Penteker (teK)
Wednesday, 16 January 2019, 22:10 GMT
Reason for closing:  Fixed
Additional comments about closing:  fixed by commits 9004c74c, 181b6db5

Loading...