Package "openssh"

Name: openssh


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • secure shell client and server (transitional package)

Latest version: 1:6.6p1-2ubuntu2.12
Release: trusty (14.04)
Level: security
Repository: universe


Save this URL for the latest version of "openssh": https://www.ubuntuupdates.org/openssh

Other versions of "openssh" in Trusty

Repository Area Version
base universe 1:6.6p1-2ubuntu1
base main 1:6.6p1-2ubuntu1
security main 1:6.6p1-2ubuntu2.12
updates universe 1:6.6p1-2ubuntu2.12
updates main 1:6.6p1-2ubuntu2.12

Packages in group

Deleted packages are displayed in grey.


Version: 1:6.6p1-2ubuntu2.12 2019-02-07 19:07:28 UTC

  openssh (1:6.6p1-2ubuntu2.12) trusty-security; urgency=medium

  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

 -- Marc Deslauriers <email address hidden> Thu, 31 Jan 2019 11:18:29 -0500

Source diff to previous version
CVE-2018-20685 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
CVE-2019-6109 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker)
CVE-2019-6111 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen

Version: 1:6.6p1-2ubuntu2.11 2018-11-06 15:06:19 UTC

  openssh (1:6.6p1-2ubuntu2.11) trusty-security; urgency=medium

  * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
    - debian/patches/CVE-2018-15473.patch: delay bailout for invalid
      authenticating user until after the packet containing the request
      has been fully parsed.
    - CVE-2018-15473
  [ Leonidas S. Barbosa ]
  * SECURITY UPDATE: Privsep process chrashing via an out-of-sequence
    - debian/patches/CVE-2016-10708.patch: fix in kex.c,
    - CVE-2016-10708

 -- Ryan Finnie <email address hidden> Sat, 13 Oct 2018 23:31:08 +0000

Source diff to previous version
1794629 CVE-2018-15473 - User enumeration vulnerability
CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packe
CVE-2016-10708 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NE

Version: 1:6.6p1-2ubuntu2.10 2018-01-22 18:06:36 UTC

  openssh (1:6.6p1-2ubuntu2.10) trusty-security; urgency=medium

  * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
    - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
      which ssh-agent will load a PKCS#11 module in ssh-agent.1,
    - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
      in ssh-agent.c.
    - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
    - debian/patches/CVE-2016-10009-4.patch: add missing label in
    - CVE-2016-10009
  * SECURITY UPDATE: local information disclosure via effects of realloc on
    buffer contents
    - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
      loading keys in authfile.c.
    - CVE-2016-10011
  * SECURITY UPDATE: local privilege escalation via incorrect bounds check
    in shared memory manager
    - debian/patches/CVE-2016-10012-1-2.patch: remove support for
      pre-authentication compression in kex.c, kex.h, Makefile.in,
      monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h,
      packet.c, servconf.c, sshd.c, sshd_config.5.
    - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
      bits in kex.c, kex.h, packet.c.
    - CVE-2016-10012
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

 -- Marc Deslauriers <email address hidden> Mon, 15 Jan 2018 11:28:55 -0500

Source diff to previous version
CVE-2016-10009 Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modu
CVE-2016-10011 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtai
CVE-2016-10012 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enfor
CVE-2017-15906 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers

Version: 1:6.6p1-2ubuntu2.8 2016-08-15 18:07:12 UTC

  openssh (1:6.6p1-2ubuntu2.8) trusty-security; urgency=medium

  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

 -- Marc Deslauriers <email address hidden> Thu, 11 Aug 2016 08:43:06 -0400

Source diff to previous version
CVE-2016-6210 User enumeration via covert timing channel
CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r

Version: 1:6.6p1-2ubuntu2.7 2016-05-09 20:08:47 UTC

  openssh (1:6.6p1-2ubuntu2.7) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

 -- Marc Deslauriers <email address hidden> Thu, 05 May 2016 08:29:07 -0400

CVE-2015-8325 ignore PAM environment vars when UseLogin=yes
CVE-2016-1908 Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension
CVE-2016-3115 Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-comman

About   -   Send Feedback to @ubuntu_updates