Package "openssh-client"
Name: openssh-client
Description: secure shell (SSH) client, for secure access to remote machines
Latest version: 1:6.6p1-2ubuntu2.13
Release: trusty (14.04)
Level: security
Repository: main
Head package: openssh
Homepage: http://www.openssh.org/
Changelog
openssh (1:6.6p1-2ubuntu2.7) trusty-security; urgency=medium
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115
 -- Marc Deslauriers <email address hidden> Thu, 05 May 2016 08:29:07 -0400
CVE-2015-8325: ignore PAM environment vars when UseLogin=yes
CVE-2016-1908: Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension
CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-comman

openssh (1:6.6p1-2ubuntu2.4) trusty-security; urgency=medium
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778
 -- Marc Deslauriers Wed, 13 Jan 2016 10:48:19 -0500
openssh (1:6.6p1-2ubuntu2.3) trusty-security; urgency=medium
  * SECURITY REGRESSION: random auth failures because of uninitialized
    struct field (LP: #1485719)
    - debian/patches/CVE-2015-5600-2.patch:
 -- Marc Deslauriers Mon, 17 Aug 2015 21:52:52 -0400
1485719: Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures
CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive dev

openssh (1:6.6p1-2ubuntu2.2) trusty-security; urgency=medium
  * SECURITY UPDATE: possible user impersonation via PAM support
    - debian/patches/pam-security-1.patch: don't resend username to PAM in
      monitor.c, monitor_wrap.c.
    - CVE number pending
  * SECURITY UPDATE: use-after-free in PAM support
    - debian/patches/pam-security-2.patch: fix use after free in monitor.c.
    - CVE number pending
  * SECURITY UPDATE:
    - debian/patches/CVE-2015-5600.patch: only query each
      keyboard-interactive device once per authentication request in
      auth2-chall.c.
    - CVE-2015-5600
  * SECURITY UPDATE: X connections access restriction bypass
    - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
      connections attempted after ForwardX11Timeout expires in channels.c,
      channels.h, clientloop.c.
    - CVE-2015-5352
 -- Marc Deslauriers Fri, 14 Aug 2015 07:31:00 -0400
CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive dev
CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadli