Posted: February 7th, 2019, 11:22am PST
Ubuntu Security Notice 3885-1 - Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output.