Loading...

XML

Word

Printable

Type: Security Vulnerability
Resolution: Fixed
Priority: Normal
Fix Version/s: None
Component/s: None
Labels:
None

currently latest version of openssh in meta-repo (core-kit) is 8.1_p1-r1. It has two vulnerabilities:

CVE-2020-14145 with base score 5.9 MEDIUM

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy
leading to an information leak in the algorithm negotiation.

CVE-2020-15778 with base score 7.8 HIGH

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function
(...)
NOTE: the vendor reportedly has stated that they intentionally omit validation
of "anomalous argument transfers" because that could "stand a great chance
of breaking existing workflows."

duplicates

FL-7545 Openssh CVE-2020-14145 CVE-2020-15778

Closed

relates to

FL-7810 sys-libs/glibc-2.29-r3 - multiple high severity vulnerabilities

Closed

Assignee:: drobbins

Reporter:: mrl5

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 19/Dec/20 4:48 AM

Updated:: 01/Mar/21 12:02 AM

Resolved:: 01/Mar/21 12:02 AM