CLSA-2025-1754941200

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2025-1754941200

Upstream

CVE-2018-20685

CVE-2019-6109

CVE-2019-6111

Published

2025-08-11T19:40:04Z

Modified

2026-06-01T00:33:18.023627805Z

Summary

openssh: Fix of 3 CVEs

Details

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames
CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to missing character encoding
CVE-2019-6111: fix scp client vulnerability that allowed a malicious server to overwrite arbitrary files in the client's target directory, including subdirectories, when performing transfers

References

https://errata.tuxcare.com/els_os/centos7els/CLSA-2025-1754941200.html

Affected packages

TuxCare:CentOS:7

openssh

Package

Name: openssh
Purl: pkg:rpm/tuxcare/openssh?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

openssh-askpass

Package

Name: openssh-askpass
Purl: pkg:rpm/tuxcare/openssh-askpass?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

openssh-cavs

Package

Name: openssh-cavs
Purl: pkg:rpm/tuxcare/openssh-cavs?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

openssh-clients

Package

Name: openssh-clients
Purl: pkg:rpm/tuxcare/openssh-clients?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

openssh-keycat

Package

Name: openssh-keycat
Purl: pkg:rpm/tuxcare/openssh-keycat?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

openssh-ldap

Package

Name: openssh-ldap
Purl: pkg:rpm/tuxcare/openssh-ldap?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

openssh-server

Package

Name: openssh-server
Purl: pkg:rpm/tuxcare/openssh-server?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

openssh-server-sysvinit

Package

Name: openssh-server-sysvinit
Purl: pkg:rpm/tuxcare/openssh-server-sysvinit?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4p1-23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"

pam_ssh_agent_auth

Package

Name: pam_ssh_agent_auth
Purl: pkg:rpm/tuxcare/pam_ssh_agent_auth?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.3-2.23.0.3.el7_9.tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1754941200.json"