openssh (1:8.4p1-5+deb11u3) bullseye-security; urgency=medium

  * Cherry-pick from upstream:
    - [CVE-2021-41617]: sshd(8) from OpenSSH 6.2 through 8.7 failed to
      correctly initialise supplemental groups when executing an
      AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a
      AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive
      has been set to run the command as a different user. Instead these
      commands would inherit the groups that sshd(8) was started with
      (closes: #995130).
    - [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to
      thwart the so-called "Terrapin attack" discovered by Fabian Bäumer,
      Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect
      a limited break of the integrity of the early encrypted SSH transport
      protocol by sending extra messages prior to the commencement of
      encryption, and deleting an equal number of consecutive messages
      immediately after encryption starts. A peer SSH client/server would
      not be able to detect that messages were deleted.
    - [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained
      shell metacharacters was passed to ssh(1), and a ProxyCommand,
      LocalCommand directive or "match exec" predicate referenced the user
      or hostname via %u, %h or similar expansion token, then an attacker
      who could supply arbitrary user/hostnames to ssh(1) could potentially
      perform command injection depending on what quoting was present in the
      user-supplied ssh_config(5) directive. ssh(1) now bans most shell
      metacharacters from user and hostnames supplied via the command-line.

 -- Colin Watson <email address hidden>  Thu, 21 Dec 2023 16:09:44 +0000
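
An added example, not part of the Debian changelog or of OpenSSH: a small audit that lists the ssh_config(5) directives of the kind the CVE-2023-51385 entry describes (ProxyCommand, LocalCommand, "match exec") together with the shell quoting around each user or host token, so they can be reviewed on systems that have not yet taken this update. The function names, the sample configuration and the inclusion of %n and %r alongside %h and %u are assumptions of the example.

```python
import re

# %h, %u are named in the changelog; %n, %r as "similar" tokens are assumed.
NAME_TOKENS = ("%h", "%n", "%r", "%u")
COMMAND_RE = re.compile(r"^\s*(proxycommand|localcommand)(?:\s*=\s*|\s+)(.+)$", re.I)
MATCH_EXEC_RE = re.compile(r'^\s*match\b.*?\bexec\s+("[^"]*"|\S+)', re.I)

SAMPLE = """\
# constructed ssh_config sample, not taken from any real host
Host jump-*
    ProxyCommand nc -X connect -x proxy:3128 %h %p
Host build
    LocalCommand logger 'connected to %n as %r'
Match exec "test -e ~/.ssh/hosts/%h"
    ProxyCommand=ssh -W "%h:%p" bastion
Host plain
    ProxyCommand none
"""

def token_contexts(command):
    """Yield (token, shell quoting state) for each name token in command."""
    state, i = "unquoted", 0
    while i < len(command):
        ch, pair = command[i], command[i:i + 2]
        if (ch == "\\" and state != "single") or pair == "%%":
            i += 2  # escaped character or literal percent sign
            continue
        if ch == "'" and state != "double":
            state = "unquoted" if state == "single" else "single"
        elif ch == '"' and state != "single":
            state = "unquoted" if state == "double" else "double"
        elif pair in NAME_TOKENS:
            yield pair, state
            i += 1  # skip the token letter as well
        i += 1

def audit_ssh_config(text):
    """Return (line_no, directive, token, quoting) per name token found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = COMMAND_RE.match(line)
        if m:
            directive, command = m.group(1).lower(), m.group(2)
        elif (m := MATCH_EXEC_RE.match(line)):
            directive, command = "match exec", m.group(1).strip('"')
        else:
            continue
        findings += [(line_no, directive, t, q) for t, q in token_contexts(command)]
    return findings
```

Calling `audit_ssh_config(SAMPLE)` returns one tuple per token; the quoting column only describes the directive as written and is meant for triage, since the changelog entry ties the outcome to "what quoting was present".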

openssh (1:8.4p1-5+deb11u2) bullseye; urgency=medium

  * Cherry-pick from OpenSSH 9.3p2:
    - [CVE-2023-38408] Fix a condition where specific libraries loaded via
      ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
      execution via a forwarded agent socket (closes: #1042460).

 -- Colin Watson <email address hidden>  Sat, 23 Sep 2023 23:13:51 +0100

openssh (1:8.4p1-5+deb11u1) bullseye; urgency=medium

  * Backport from upstream:
    - Add new pselect6_time64 syscall on 32-bit architectures (closes:
      #1004427).

 -- Colin Watson <email address hidden>  Fri, 01 Jul 2022 23:37:41 +0100

openssh (1:8.4p1-5) unstable; urgency=high

  * CVE-2021-28041: Fix double free in ssh-agent(1) (closes: #984940).

 -- Colin Watson <email address hidden>  Sat, 13 Mar 2021 09:59:40 +0000