aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:14:34Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9997[3.9] openssh: Multiple vulnerabilities (CVE-2018-20685, CVE-2019-6109, CVE-2...2019-07-23T11:14:34ZAlicha CH[3.9] openssh: Multiple vulnerabilities (CVE-2018-20685, CVE-2019-6109, CVE-2019-6111)**CVE-2018-20685**: In OpenSSH 7.9, scp.c in the scp client allows
remote SSH servers to bypass intended access restrictions via the
filename of . or an empty filename. The impact is modifying the
permissions of the target directory on...**CVE-2018-20685**: In OpenSSH 7.9, scp.c in the scp client allows
remote SSH servers to bypass intended access restrictions via the
filename of . or an empty filename. The impact is modifying the
permissions of the target directory on the client side.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20685
https://marc.info/?l=oss-security&m=154745764812881&w=2
### Patch:
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
**CVE-2019-6109**: An issue was discovered in OpenSSH 7.9. Due to
missing character encoding in the progress display, a malicious server
(or Man-in-The-Middle attacker) can employ crafted object names to
manipulate the client output, e.g., by using ANSI control codes to hide
additional files being transferred. This affects
refresh\_progress\_meter() in progressmeter.c.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6109
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
### Patch:
https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
possibly additionally needed:
https://github.com/openssh/openssh-portable/commit/bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb
**CVE-2019-6111**: An issue was discovered in OpenSSH 7.9. Due to the
scp implementation being derived from 1983 rcp, the server chooses which
files/directories are sent to the client. However, the scp client only
performs cursory validation of the object name returned (only directory
traversal attacks are prevented). A malicious scp server (or
Man-in-The-Middle attacker) can overwrite arbitrary files in the scp
client target directory. If recursive operation (-r) is performed, the
server can manipulate subdirectories as well (for example, to overwrite
the .ssh/authorized\_keys file).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6111
### Patch:
https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
*(from redmine: issue id 9997, created on 2019-02-20, closed on 2019-03-05)*
* Relations:
* parent #99953.9.2Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10042setup-alpine2019-07-23T11:14:09ZGareth Williamssetup-alpineRunning setup-alpine after booting the `alpine-3.9.1-standard.iso` image
results in an error:
ERROR: unsatisfiable constraints:
openssl (missing):
required by: world[openssl]
Available keyboard layouts:
/sbin/s...Running setup-alpine after booting the `alpine-3.9.1-standard.iso` image
results in an error:
ERROR: unsatisfiable constraints:
openssl (missing):
required by: world[openssl]
Available keyboard layouts:
/sbin/setup-keymap: cd: line 17; can't do cd to //usr/share/bkeymaps: No such file or directory
Select keyboard layout [none]:
Pressing the `Enter` key to continue with no keyboard layout allows you
to continue.
At the repository selection stage, selecting a repository (by entering a
number) works, but scanning for the faster fails.
The script continues until just after installing files to disk at which
point we get:
ERROR: unsatisfiable constraints:
.setup-timezone (missing):
required by: world[.setup-timezone]
localhost:~#
and the script stops running.
*(from redmine: issue id 10042, created on 2019-03-04, closed on 2019-03-04)*
* Changesets:
* Revision da6b6ebd06fc41e29b7ede2aa439dd76f87ede08 by Natanael Copa on 2019-03-04T14:30:34Z:
```
scripts/mkimg.base.sh: replace libressl with openssl
ref #10042
```
* Revision 9c6429b8bcdb9aba13325f049058bcfe7c79fb51 by Natanael Copa on 2019-03-04T14:32:20Z:
```
scripts/mkimg.base.sh: replace libressl with openssl
fixes #10042
(cherry picked from commit da6b6ebd06fc41e29b7ede2aa439dd76f87ede08)
```3.9.2