UbuntuUpdates.org

Bugs fixes in "openssh"

Origin Bug number Title Date fixed
CVE CVE-2016-10012 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enfor 2018-01-22
CVE CVE-2016-10011 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtai 2018-01-22
CVE CVE-2016-10010 sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to ga 2018-01-22
CVE CVE-2016-10009 Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modu 2018-01-22
Launchpad 1670745 ssh-keyscan : bad host signature when using port option 2017-05-10
Launchpad 1668093 ssh-keygen -H corrupts already hashed entries 2017-05-10
Launchpad 1670745 ssh-keyscan : bad host signature when using port option 2017-05-10
Launchpad 1668093 ssh-keygen -H corrupts already hashed entries 2017-05-10
Launchpad 1670745 ssh-keyscan : bad host signature when using port option 2017-04-06
Launchpad 1668093 ssh-keygen -H corrupts already hashed entries 2017-04-06
Launchpad 1670745 ssh-keyscan : bad host signature when using port option 2017-04-06
Launchpad 1668093 ssh-keygen -H corrupts already hashed entries 2017-04-06
CVE CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r 2016-08-15
CVE CVE-2016-6210 User enumeration via covert timing channel 2016-08-15
CVE CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r 2016-08-15
CVE CVE-2016-6210 User enumeration via covert timing channel 2016-08-15
CVE CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r 2016-08-15
CVE CVE-2016-6210 User enumeration via covert timing channel 2016-08-15
CVE CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r 2016-08-15
CVE CVE-2016-6210 User enumeration via covert timing channel 2016-08-15



About   -   Send Feedback to @ubuntu_updates