Bug#793412: marked as done (openssh-client: scp can send arbitrary control characters / escape sequences to the terminal (CVE-2019-6109))
Your message dated Sat, 09 Feb 2019 21:47:35 +0000
with message-id <E1gsaTH-0003Ol-I4@fasolo.debian.org>
and subject line Bug#793412: fixed in openssh 1:7.4p1-10+deb9u5
has caused the Debian Bug report #793412,
regarding openssh-client: scp can send arbitrary control characters / escape sequences to the terminal (CVE-2019-6109)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
793412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793412
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssh-client: scp can send arbitrary control characters / escape sequences to the terminal
From: Vincent Lefevre <vincent@vinc17.net>
Date: Thu, 23 Jul 2015 21:22:51 +0200
Message-id: <20150723192251.GA21069@zira.vinc17.org>
Package: openssh-client
Version: 1:6.7p1-6
Severity: important
Tags: security
Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=2434
I have reported the following bug upstream (I don't think it is
specific to Debian):
When outputting filenames to the terminal, scp doesn't filter out
non-printable characters. Example:
$ touch "ab`tput clear`cd"
$ ls ab*
ab?[H?[2Jcd
$ scp ab* localhost:/tmp
clears the screen.
-- System Information:
Debian Release: stretch/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3
ii dpkg 1.18.1
ii libc6 2.19-19
ii libedit2 3.1-20150325-1
ii libgssapi-krb5-2 1.13.2+dfsg-2
ii libselinux1 2.3-2+b1
ii libssl1.0.0 1.0.2d-1
ii passwd 1:4.2-3
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.9-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- no debconf information
--- End Message ---
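The report above boils down to one missing step: filenames must be made terminal-safe before they are echoed. The function below is an added C illustration of that step (it is not OpenSSH's code, and `sanitize_for_tty` / `is_tty_safe` are illustrative names). It replaces every control byte with `?`, as `ls` does when writing to a tty, and also folds UTF-8-encoded C1 controls (0xC2 0x80..0x9F), which go a little beyond the ESC-based example in the report; the constructed input is the report's own `ab<ESC>[H<ESC>[2Jcd` filename.

```c
#include <stdio.h>
#include <string.h>

/* Copy `in` to `out` (NUL-terminated, at most outsz bytes), replacing each
 * byte a terminal could act on with a single '?'. Covered: C0 controls
 * 0x00-0x1F (ESC, tab, newline, ...), DEL 0x7F, and C1 controls U+0080-U+009F
 * in UTF-8 form (0xC2 0x80-0x9F), since e.g. U+009B is a one-byte CSI on some
 * terminals. Other bytes >= 0x80 are copied unchanged so valid multibyte
 * text survives. Returns the number of replacements, or (size_t)-1 when
 * `out` cannot hold the result plus its terminating NUL. */
size_t sanitize_for_tty(const char *in, char *out, size_t outsz)
{
    const unsigned char *p = (const unsigned char *)in;
    size_t o = 0, replaced = 0;

    while (*p != '\0') {
        if (o + 1 >= outsz)            /* room for this byte and the NUL */
            return (size_t)-1;
        if (*p < 0x20 || *p == 0x7F) { /* C0 control or DEL */
            out[o++] = '?';
            replaced++;
            p++;
        } else if (*p == 0xC2 && p[1] >= 0x80 && p[1] <= 0x9F) {
            out[o++] = '?';            /* UTF-8 C1 control: two bytes -> one '?' */
            replaced++;
            p += 2;
        } else {
            out[o++] = (char)*p++;
        }
    }
    out[o] = '\0';
    return replaced;
}

/* 1 if the name contains nothing a terminal would interpret, else 0. */
int is_tty_safe(const char *name)
{
    char scratch[4096];
    return sanitize_for_tty(name, scratch, sizeof scratch) == 0;
}

int main(void)
{
    /* Constructed input: the report's filename, which clears the screen
     * when printed raw because it embeds ESC [ H and ESC [ 2 J. */
    const char *name = "ab\x1b[H\x1b[2Jcd";
    char safe[64];
    size_t n = sanitize_for_tty(name, safe, sizeof safe);
    printf("%zu control byte(s) replaced; safe to print: %s\n", n, safe);
    return 0;
}
```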
--- Begin Message ---
Source: openssh
Source-Version: 1:7.4p1-10+deb9u5
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 793412@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 08 Feb 2019 15:25:55 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.4p1-10+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 793412 919101
Changes:
openssh (1:7.4p1-10+deb9u5) stretch; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-20685: disallow empty filenames or ones that refer to the current
directory (Closes: #919101)
* CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412)
* CVE-2019-6111: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcards specified by the user
--- End Message ---