Package "openssh"
Name: |
openssh
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- secure shell (SSH) client, for secure access to remote machines
- secure shell (SSH) server, for secure access from remote machines
- secure shell (SSH) sftp server module, for SFTP access from remote machines
- secure shell client and server (metapackage)
|
Latest version: |
1:7.2p2-4ubuntu2.10 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
main |
Links
Other versions of "openssh" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
openssh (1:7.2p2-4ubuntu2.10) xenial; urgency=medium
* Fix deadlock when AuthorizedKeysCommand produces a large output.
(LP: #1877454)
- d/p/authkeyscommand-deadlock-01.patch: Make sure to call fclose(2)
and assign NULL to the file handler used to read
"Authorized{Keys,Principal}Command" directives.
- d/p/authkeyscommand-deadlock-02.patch: Consume entire output
generated by the command pointed by
"Authorized{Keys,Principal}Command" in order to avoid sending a
SIGPIPE to the process.
|
Source diff to previous version |
1877454 |
openssh-server hangs with AuthorizedKeysCommand |
|
openssh (1:7.2p2-4ubuntu2.8) xenial-security; urgency=medium
* SECURITY UPDATE: Incomplete fix for CVE-2019-6111
- debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
check in scp.c.
- CVE-2019-6111
* Fixed inverted CVE numbers in patch filenames and in previous
changelog.
-- Marc Deslauriers <email address hidden> Mon, 04 Mar 2019 07:50:38 -0500
|
Source diff to previous version |
CVE-2019-6111 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen |
|
openssh (1:7.2p2-4ubuntu2.7) xenial-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass in scp
- debian/patches/CVE-2018-20685.patch: disallow empty filenames
or ones that refer to the current directory in scp.c.
- CVE-2018-20685
* SECURITY UPDATE: scp client spoofing via object name
- debian/patches/CVE-2019-6109.patch: make sure the filenames match
the wildcard specified by the user, and add new flag to relax the new
restrictions in scp.c, scp.1.
- CVE-2019-6109
* SECURITY UPDATE: scp client missing received object name validation
- debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
- debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
newer OpenSSH.
- debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
scp.c, sftp-client.c.
- debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
- CVE-2019-6111
-- Marc Deslauriers <email address hidden> Thu, 31 Jan 2019 09:03:12 -0500
|
Source diff to previous version |
CVE-2018-20685 |
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. |
CVE-2019-6109 |
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) |
CVE-2019-6111 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen |
|
openssh (1:7.2p2-4ubuntu2.6) xenial-security; urgency=medium
[ Ryan Finnie ]
* SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
- debian/patches/CVE-2018-15473.patch: delay bailout for invalid
authenticating user until after the packet containing the request
has been fully parsed.
- CVE-2018-15473
* SECURITY UPDATE: Privsep process chrashing via an out-of-sequence
- debian/patches/CVE-2016-10708.patch: fix in kex.c,
pack.c.
- CVE-2016-10708
-- <email address hidden> (Leonidas S. Barbosa) Thu, 01 Nov 2018 16:16:02 -0300
|
Source diff to previous version |
1794629 |
CVE-2018-15473 - User enumeration vulnerability |
CVE-2018-15473 |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packe |
CVE-2016-10708 |
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NE |
|
openssh (1:7.2p2-4ubuntu2.5) xenial; urgency=medium
* debian/systemd/ssh.service: Test configuration before starting or
reloading sshd (LP: #1771340)
-- Karl Stenerud <email address hidden> Tue, 21 Aug 2018 10:45:26 -0700
|
1771340 |
sshd failed on config reload |
|
About
-
Send Feedback to @ubuntu_updates