UbuntuUpdates.org

Package "openssh"

Name: openssh

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • secure shell client and server (transitional package)

Latest version: 1:6.6p1-2ubuntu2.13
Release: trusty (14.04)
Level: security
Repository: universe

Links



Other versions of "openssh" in Trusty

Repository Area Version
base universe 1:6.6p1-2ubuntu1
base main 1:6.6p1-2ubuntu1
security main 1:6.6p1-2ubuntu2.13
updates universe 1:6.6p1-2ubuntu2.13
updates main 1:6.6p1-2ubuntu2.13

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:6.6p1-2ubuntu2.13 2019-03-04 19:07:07 UTC

  openssh (1:6.6p1-2ubuntu2.13) trusty-security; urgency=medium

  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

 -- Marc Deslauriers <email address hidden> Mon, 04 Mar 2019 07:52:28 -0500

Source diff to previous version
CVE-2019-6111 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen

Version: 1:6.6p1-2ubuntu2.12 2019-02-07 19:07:28 UTC

  openssh (1:6.6p1-2ubuntu2.12) trusty-security; urgency=medium

  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

 -- Marc Deslauriers <email address hidden> Thu, 31 Jan 2019 11:18:29 -0500

Source diff to previous version
CVE-2018-20685 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
CVE-2019-6109 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker)
CVE-2019-6111 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen

Version: 1:6.6p1-2ubuntu2.11 2018-11-06 15:06:19 UTC

  openssh (1:6.6p1-2ubuntu2.11) trusty-security; urgency=medium

  * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
    - debian/patches/CVE-2018-15473.patch: delay bailout for invalid
      authenticating user until after the packet containing the request
      has been fully parsed.
    - CVE-2018-15473
  [ Leonidas S. Barbosa ]
  * SECURITY UPDATE: Privsep process chrashing via an out-of-sequence
    - debian/patches/CVE-2016-10708.patch: fix in kex.c,
      pack.c.
    - CVE-2016-10708

 -- Ryan Finnie <email address hidden> Sat, 13 Oct 2018 23:31:08 +0000

Source diff to previous version
1794629 CVE-2018-15473 - User enumeration vulnerability
CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packe
CVE-2016-10708 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NE

Version: 1:6.6p1-2ubuntu2.10 2018-01-22 18:06:36 UTC

  openssh (1:6.6p1-2ubuntu2.10) trusty-security; urgency=medium

  * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
    - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
      which ssh-agent will load a PKCS#11 module in ssh-agent.1,
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
      in ssh-agent.c.
    - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-4.patch: add missing label in
      ssh-agent.c.
    - CVE-2016-10009
  * SECURITY UPDATE: local information disclosure via effects of realloc on
    buffer contents
    - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
      loading keys in authfile.c.
    - CVE-2016-10011
  * SECURITY UPDATE: local privilege escalation via incorrect bounds check
    in shared memory manager
    - debian/patches/CVE-2016-10012-1-2.patch: remove support for
      pre-authentication compression in kex.c, kex.h, Makefile.in,
      monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h,
      packet.c, servconf.c, sshd.c, sshd_config.5.
    - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
      bits in kex.c, kex.h, packet.c.
    - CVE-2016-10012
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

 -- Marc Deslauriers <email address hidden> Mon, 15 Jan 2018 11:28:55 -0500

Source diff to previous version
CVE-2016-10009 Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modu
CVE-2016-10011 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtai
CVE-2016-10012 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enfor
CVE-2017-15906 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers

Version: 1:6.6p1-2ubuntu2.8 2016-08-15 18:07:12 UTC

  openssh (1:6.6p1-2ubuntu2.8) trusty-security; urgency=medium

  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

 -- Marc Deslauriers <email address hidden> Thu, 11 Aug 2016 08:43:06 -0400

CVE-2016-6210 User enumeration via covert timing channel
CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r



About   -   Send Feedback to @ubuntu_updates