Publishing details
Changelog
openssh (1:8.2p1-4ubuntu0.11) focal-security; urgency=medium
* SECURITY UPDATE: Supplemental groups not initialized
- debian/patches/CVE-2021-41617-1.patch: add initgroups()
before setresgid() in auth.c.
- debian/patches/CVE-2021-41617-2.patch: add grp.h in auth.c.
- CVE-2021-41617
* SECURITY UPDATE: command injection via shell metacharacters
- debian/patches/CVE-2023-51385.patch: ban user/hostnames with most
shell metacharacters in ssh.c.
- CVE-2023-51385
-- Marc Deslauriers <email address hidden> Tue, 02 Jan 2024 12:13:02 -0500
Builds
Built packages
-
openssh-client
secure shell (SSH) client, for secure access to remote machines
-
openssh-client-dbgsym
debug symbols for openssh-client
-
openssh-client-udeb
secure shell client for the Debian installer
-
openssh-server
secure shell (SSH) server, for secure access from remote machines
-
openssh-server-dbgsym
debug symbols for openssh-server
-
openssh-server-udeb
secure shell server for the Debian installer
-
openssh-sftp-server
secure shell (SSH) sftp server module, for SFTP access from remote machines
-
openssh-sftp-server-dbgsym
debug symbols for openssh-sftp-server
-
openssh-tests
OpenSSH regression tests
-
openssh-tests-dbgsym
debug symbols for openssh-tests
-
ssh
secure shell client and server (metapackage)
-
ssh-askpass-gnome
interactive X program to prompt users for a passphrase for ssh-add
-
ssh-askpass-gnome-dbgsym
debug symbols for ssh-askpass-gnome
Package files