UbuntuUpdates.org

Package "openssh"

Name: openssh

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • secure shell (SSH) client for legacy SSH1 protocol
  • interactive X program to prompt users for a passphrase for ssh-add
  • secure shell client and server (transitional package)

Latest version: 1:7.2p2-4ubuntu2.8
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "openssh" in Xenial

Repository Area Version
base main 1:7.2p2-4
base universe 1:7.2p2-4
security main 1:7.2p2-4ubuntu2.8
updates main 1:7.2p2-4ubuntu2.10
updates universe 1:7.2p2-4ubuntu2.10

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:7.2p2-4ubuntu2.8 2019-03-04 19:07:11 UTC

  openssh (1:7.2p2-4ubuntu2.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

 -- Marc Deslauriers <email address hidden> Mon, 04 Mar 2019 07:50:38 -0500

Source diff to previous version
CVE-2019-6111 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen

Version: 1:7.2p2-4ubuntu2.7 2019-02-07 19:07:32 UTC

  openssh (1:7.2p2-4ubuntu2.7) xenial-security; urgency=medium

  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

 -- Marc Deslauriers <email address hidden> Thu, 31 Jan 2019 09:03:12 -0500

Source diff to previous version
CVE-2018-20685 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
CVE-2019-6109 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker)
CVE-2019-6111 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sen

Version: 1:7.2p2-4ubuntu2.6 2018-11-06 15:06:22 UTC

  openssh (1:7.2p2-4ubuntu2.6) xenial-security; urgency=medium

  [ Ryan Finnie ]
  * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
    - debian/patches/CVE-2018-15473.patch: delay bailout for invalid
      authenticating user until after the packet containing the request
      has been fully parsed.
    - CVE-2018-15473
  * SECURITY UPDATE: Privsep process chrashing via an out-of-sequence
    - debian/patches/CVE-2016-10708.patch: fix in kex.c,
      pack.c.
    - CVE-2016-10708

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 01 Nov 2018 16:16:02 -0300

Source diff to previous version
1794629 CVE-2018-15473 - User enumeration vulnerability
CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packe
CVE-2016-10708 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NE

Version: 1:7.2p2-4ubuntu2.4 2018-01-22 18:06:46 UTC

  openssh (1:7.2p2-4ubuntu2.4) xenial-security; urgency=medium

  * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
    - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
      which ssh-agent will load a PKCS#11 module in ssh-agent.1,
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
      in ssh-agent.c.
    - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-4.patch: add missing label in
      ssh-agent.c.
    - CVE-2016-10009
  * SECURITY UPDATE: local privilege escalation via socket permissions when
    privilege separation is disabled
    - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket
      forwarding when privsep is disabled in serverloop.c.
    - debian/patches/CVE-2016-10010-2.patch: unbreak Unix domain socket
      forwarding for root in serverloop.c.
    - CVE-2016-10010
  * SECURITY UPDATE: local information disclosure via effects of realloc on
    buffer contents
    - debian/patches/CVE-2016-10011-pre.patch: split allocation out of
      sshbuf_reserve() in sshbuf.c, sshbuf.h.
    - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
      loading keys in authfile.c.
    - CVE-2016-10011
  * SECURITY UPDATE: local privilege escalation via incorrect bounds check
    in shared memory manager
    - debian/patches/CVE-2016-10012-1.patch: remove support for
      pre-authentication compression in Makefile.in, monitor.c, monitor.h,
      monitor_mm.c, monitor_mm.h, monitor_wrap.h, myproposal.h, opacket.h,
      packet.c, packet.h, servconf.c, sshconnect2.c, sshd.c.
    - debian/patches/CVE-2016-10012-2.patch: restore pre-auth compression
      support in the client in kex.c, kex.h, packet.c, servconf.c,
      sshconnect2.c, sshd_config.5.
    - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
      bits in kex.c, kex.h, packet.c.
    - CVE-2016-10012
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

 -- Marc Deslauriers <email address hidden> Mon, 15 Jan 2018 09:50:38 -0500

Source diff to previous version
CVE-2016-10009 Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modu
CVE-2016-10010 sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to ga
CVE-2016-10011 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtai
CVE-2016-10012 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enfor
CVE-2017-15906 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers

Version: 1:7.2p2-4ubuntu2.1 2016-08-15 18:07:13 UTC

  openssh (1:7.2p2-4ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

 -- Marc Deslauriers <email address hidden> Thu, 11 Aug 2016 08:38:27 -0400

CVE-2016-6210 User enumeration via covert timing channel
CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r



About   -   Send Feedback to @ubuntu_updates