Package "openssh"
Name: openssh
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- secure shell client and server (transitional package)
Latest version: 1:5.9p1-5ubuntu1.10
Release: precise (12.04)
Level: updates
Repository: universe

Changelog
openssh (1:5.9p1-5ubuntu1.10) precise-security; urgency=medium

  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

 -- Marc Deslauriers <email address hidden>  Thu, 11 Aug 2016 08:44:39 -0400

CVE-2016-6210: User enumeration via covert timing channel
CVE-2016-6515: The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r

openssh (1:5.9p1-5ubuntu1.9) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

 -- Marc Deslauriers <email address hidden>  Thu, 05 May 2016 08:43:04 -0400

CVE-2015-8325: ignore PAM environment vars when UseLogin=yes
CVE-2016-1908: Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension
CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-comman

openssh (1:5.9p1-5ubuntu1.8) precise-security; urgency=medium

  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

 -- Marc Deslauriers  Wed, 13 Jan 2016 10:49:17 -0500

openssh (1:5.9p1-5ubuntu1.7) precise-security; urgency=medium

  * SECURITY REGRESSION: random auth failures because of uninitialized
    struct field (LP: #1485719)
    - debian/patches/CVE-2015-5600-2.patch:

 -- Marc Deslauriers  Mon, 17 Aug 2015 21:53:19 -0400

LP #1485719: Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures
CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive dev

openssh (1:5.9p1-5ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: possible user impersonation via PAM support
    - debian/patches/pam-security-1.patch: don't resend username to PAM in
      monitor.c, monitor_wrap.c.
    - CVE number pending
  * SECURITY UPDATE: use-after-free in PAM support
    - debian/patches/pam-security-2.patch: fix use after free in monitor.c.
    - CVE number pending
  * SECURITY UPDATE:
    - debian/patches/CVE-2015-5600.patch: only query each
      keyboard-interactive device once per authentication request in
      auth2-chall.c.
    - CVE-2015-5600
  * SECURITY UPDATE: X connections access restriction bypass
    - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
      connections attempted after ForwardX11Timeout expires in channels.c,
      channels.h, clientloop.c.
    - CVE-2015-5352

 -- Marc Deslauriers  Fri, 14 Aug 2015 07:45:28 -0400

CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive dev
CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadli