Package "openssh-server"
Name: |
openssh-server
|
Description: |
secure shell (SSH) server, for secure access from remote machines
|
Latest version: |
1:7.6p1-4ubuntu0.5 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
main |
Head package: |
openssh |
Homepage: |
http://www.openssh.com/ |
Links
Download "openssh-server"
Other versions of "openssh-server" in Bionic
Changelog
openssh (1:7.6p1-4ubuntu0.5) bionic-security; urgency=medium
* SECURITY REGRESSION: User enumeration issue (LP: #1934501)
- debian/patches/CVE-2018-15473.patch: updated to fix bad patch
backport.
-- Marc Deslauriers <email address hidden> Wed, 11 Aug 2021 14:02:09 -0400
|
Source diff to previous version |
1934501 |
CVE-2018-15473 patch introduce user enumeration vulnerability |
CVE-2018-15473 |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packe |
|
openssh (1:7.6p1-4ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Incomplete fix for CVE-2019-6111
- debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
check in scp.c.
- CVE-2019-6111
* Fixed inverted CVE numbers in patch filenames and in previous
changelog.
-- Marc Deslauriers <email address hidden> Mon, 04 Mar 2019 07:17:51 -0500
|
Source diff to previous version |
CVE-2019-6111 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen |
|
openssh (1:7.6p1-4ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass in scp
- debian/patches/CVE-2018-20685.patch: disallow empty filenames
or ones that refer to the current directory in scp.c.
- CVE-2018-20685
* SECURITY UPDATE: scp client spoofing via object name
- debian/patches/CVE-2019-6109.patch: make sure the filenames match
the wildcard specified by the user, and add new flag to relax the new
restrictions in scp.c, scp.1.
- CVE-2019-6109
* SECURITY UPDATE: scp client missing received object name validation
- debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
scp.c, sftp-client.c.
- debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
- CVE-2019-6111
-- Marc Deslauriers <email address hidden> Thu, 31 Jan 2019 08:58:34 -0500
|
Source diff to previous version |
CVE-2018-20685 |
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. |
CVE-2019-6109 |
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) |
CVE-2019-6111 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen |
|
openssh (1:7.6p1-4ubuntu0.1) bionic-security; urgency=medium
[ Ryan Finnie ]
* SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
- debian/patches/CVE-2018-15473.patch: delay bailout for invalid
authenticating user until after the packet containing the request
has been fully parsed.
- CVE-2018-15473
-- <email address hidden> (Leonidas S. Barbosa) Mon, 05 Nov 2018 08:51:29 -0300
|
1794629 |
CVE-2018-15473 - User enumeration vulnerability |
CVE-2018-15473 |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packe |
|
About
-
Send Feedback to @ubuntu_updates