Package dropbear updated to version 2025.89-alt1 for branch sisyphus in task 403153.

Published: 2019-03-01
Modified: 2025-12-19

BDU:2019-00830

Уязвимость реализаций утилиты для удаленного копирования файлов scp, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю манипулировать файлами в каталоге клиента

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: MEDIUM (5.4) Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N

References:

CVE-2019-6111

Published: 2019-10-29
Modified: 2022-04-14

BDU:2019-03788

Уязвимость средства криптографической защиты OpenSSH, вызваная ошибками при проверке имени каталога scp.c в клиенте scp, позволяющая нарушителю изменить права доступа к целевому каталогу

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

References:

Published: 2019-01-31
Modified: 2025-12-18

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

No data currently available.

Version: 2.1.2

Package dropbear update in sisyphus on 2025-12-18

ALT-PU-2025-15908-2

Closed vulnerabilities

BDU:2019-00830

BDU:2019-03788

CVE-2019-6111

CVE-2025-14282