{"affected":[{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-54.32.1","openssh-askpass-gnome":"6.6p1-54.32.1","openssh-fips":"6.6p1-54.32.1","openssh-helpers":"6.6p1-54.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"openssh","purl":"pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-54.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-54.32.1","openssh-askpass-gnome":"6.6p1-54.32.1","openssh-fips":"6.6p1-54.32.1","openssh-helpers":"6.6p1-54.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"openssh-askpass-gnome","purl":"pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-54.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-54.32.1","openssh-askpass-gnome":"6.6p1-54.32.1","openssh-fips":"6.6p1-54.32.1","openssh-helpers":"6.6p1-54.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"openssh","purl":"pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-54.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-54.32.1","openssh-askpass-gnome":"6.6p1-54.32.1","openssh-fips":"6.6p1-54.32.1","openssh-helpers":"6.6p1-54.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"openssh-askpass-gnome","purl":"pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-54.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-54.32.1","openssh-askpass-gnome":"6.6p1-54.32.1","openssh-fips":"6.6p1-54.32.1","openssh-helpers":"6.6p1-54.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1-LTSS","name":"openssh","purl":"pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-54.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openssh":"6.6p1-54.32.1","openssh-askpass-gnome":"6.6p1-54.32.1","openssh-fips":"6.6p1-54.32.1","openssh-helpers":"6.6p1-54.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1-LTSS","name":"openssh-askpass-gnome","purl":"pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.6p1-54.32.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for openssh fixes the following issues:\n\nSecurity vulnerabilities addressed:\n\n- CVE-2019-6109: Fixed an character encoding issue in the progress display of\n  the scp client that could be used to manipulate client output, allowing\n  for spoofing during file transfers (bsc#1121816).\n- CVE-2019-6111: Properly validate object names received by the scp client to\n  prevent arbitrary file overwrites when interacting with a malicious SSH server\n  (bsc#1121821).\n\nOther issues fixed: \n\n- Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183).\n- Returned proper reason for port forwarding failures (bsc#1090671).\n- Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550).\n","id":"SUSE-SU-2019:0941-1","modified":"2019-04-12T13:58:12Z","published":"2019-04-12T13:58:12Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20190941-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1090671"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115550"},{"type":"REPORT","url":"https://bugzilla.suse.com/1119183"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121816"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121821"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-6109"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-6111"}],"related":["CVE-2019-6109","CVE-2019-6111"],"summary":"Security update for openssh","upstream":["CVE-2019-6109","CVE-2019-6111"]}