RHSA-2019:3702-01 -- Redhat opensshID: oval:org.secpod.oval:def:66496 | Date: (C)2020-10-30 (M)2023-03-29 |
Class: PATCH | Family: unix |
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * openssh: scp client improper directory name validation * openssh: Improper validation of object names allows malicious server to overwrite files via scp client * openssh: Missing character encoding in progress display allows for spoofing of scp client output For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the CentOS 8.1 Release Notes linked from the References section.