Change logs for openssh source package in Xenial

  • openssh (1:7.2p2-4ubuntu2.8) xenial-security; urgency=medium
      * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
        - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
          check in scp.c.
        - CVE-2019-6111
      * Fixed inverted CVE numbers in patch filenames and in previous
     -- Marc Deslauriers <email address hidden>  Mon, 04 Mar 2019 07:50:38 -0500
  • openssh (1:7.2p2-4ubuntu2.7) xenial-security; urgency=medium
      * SECURITY UPDATE: access restrictions bypass in scp
        - debian/patches/CVE-2018-20685.patch: disallow empty filenames
          or ones that refer to the current directory in scp.c.
        - CVE-2018-20685
      * SECURITY UPDATE: scp client spoofing via object name
        - debian/patches/CVE-2019-6109.patch: make sure the filenames match
          the wildcard specified by the user, and add new flag to relax the new
          restrictions in scp.c, scp.1.
        - CVE-2019-6109
      * SECURITY UPDATE: scp client missing received object name validation
        - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
          newer OpenSSH in, utf8.c, utf8.h,
        - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
          newer OpenSSH.
        - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
          snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
          scp.c, sftp-client.c.
        - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
          progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
        - CVE-2019-6111
     -- Marc Deslauriers <email address hidden>  Thu, 31 Jan 2019 09:03:12 -0500
  • openssh (1:7.2p2-4ubuntu2.6) xenial-security; urgency=medium
      [ Ryan Finnie ]
      * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
        - debian/patches/CVE-2018-15473.patch: delay bailout for invalid
          authenticating user until after the packet containing the request
          has been fully parsed.
        - CVE-2018-15473
      * SECURITY UPDATE: Privsep process chrashing via an out-of-sequence
        - debian/patches/CVE-2016-10708.patch: fix in kex.c,
        - CVE-2016-10708
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 01 Nov 2018 16:16:02 -0300
  • openssh (1:7.2p2-4ubuntu2.5) xenial; urgency=medium
      * debian/systemd/ssh.service: Test configuration before starting or
        reloading sshd (LP: #1771340)
     -- Karl Stenerud <email address hidden>  Tue, 21 Aug 2018 10:45:26 -0700
  • openssh (1:7.2p2-4ubuntu2.4) xenial-security; urgency=medium
      * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
        - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
          which ssh-agent will load a PKCS#11 module in ssh-agent.1,
        - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
          in ssh-agent.c.
        - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
        - debian/patches/CVE-2016-10009-4.patch: add missing label in
        - CVE-2016-10009
      * SECURITY UPDATE: local privilege escalation via socket permissions when
        privilege separation is disabled
        - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket
          forwarding when privsep is disabled in serverloop.c.
        - debian/patches/CVE-2016-10010-2.patch: unbreak Unix domain socket
          forwarding for root in serverloop.c.
        - CVE-2016-10010
      * SECURITY UPDATE: local information disclosure via effects of realloc on
        buffer contents
        - debian/patches/CVE-2016-10011-pre.patch: split allocation out of
          sshbuf_reserve() in sshbuf.c, sshbuf.h.
        - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
          loading keys in authfile.c.
        - CVE-2016-10011
      * SECURITY UPDATE: local privilege escalation via incorrect bounds check
        in shared memory manager
        - debian/patches/CVE-2016-10012-1.patch: remove support for
          pre-authentication compression in, monitor.c, monitor.h,
          monitor_mm.c, monitor_mm.h, monitor_wrap.h, myproposal.h, opacket.h,
          packet.c, packet.h, servconf.c, sshconnect2.c, sshd.c.
        - debian/patches/CVE-2016-10012-2.patch: restore pre-auth compression
          support in the client in kex.c, kex.h, packet.c, servconf.c,
          sshconnect2.c, sshd_config.5.
        - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
          bits in kex.c, kex.h, packet.c.
        - CVE-2016-10012
      * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
        - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
          in sftp-server.c.
        - CVE-2017-15906
     -- Marc Deslauriers <email address hidden>  Mon, 15 Jan 2018 09:50:38 -0500
  • openssh (1:7.2p2-4ubuntu2.2) xenial; urgency=medium
      * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
        already-hashed entries (LP: #1668093).
      * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).
     -- Christian Ehrhardt <email address hidden>  Wed, 15 Mar 2017 13:16:56 +0100
  • openssh (1:7.2p2-4ubuntu2.1) xenial-security; urgency=medium
      * SECURITY UPDATE: user enumeration via covert timing channel
        - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
          invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
        - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
          users PAM logins in auth-pam.c.
        - debian/patches/CVE-2016-6210-3.patch: search users for one with a
          valid salt in openbsd-compat/xcrypt.c.
        - CVE-2016-6210
      * SECURITY UPDATE: denial of service via long passwords
        - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
          length in auth-passwd.c.
        - CVE-2016-6515
     -- Marc Deslauriers <email address hidden>  Thu, 11 Aug 2016 08:38:27 -0400
  • openssh (1:7.2p2-4ubuntu2) xenial; urgency=medium
      * debian/openssh-server.if-up: Don't block on a finished reload of
        openssh.service, to avoid deadlocking with restarting networking.
        (Closes: #832557, LP: #1584393)
     -- Martin Pitt <email address hidden>  Sun, 31 Jul 2016 10:51:01 +0200
  • openssh (1:7.2p2-4ubuntu1) xenial; urgency=medium
      * Backport upstream patch to unbreak authentication using lone certificate
        keys in ssh-agent: when attempting pubkey auth with a certificate, if no
        separate private key is found among the keys then try with the
        certificate key itself (thanks, Paul Querna; LP: #1575961).
     -- Colin Watson <email address hidden>  Thu, 28 Apr 2016 01:57:51 +0100
  • openssh (1:7.2p2-4) unstable; urgency=medium
      * Drop dependency on libnss-files-udeb (closes: #819686).
      * Policy version 3.9.7: no changes required.
     -- Colin Watson <email address hidden>  Fri, 15 Apr 2016 16:40:07 +0100
  • openssh (1:7.2p2-3) unstable; urgency=high
      * Change all references to (closes: #819213).
      * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes.
     -- Colin Watson <email address hidden>  Wed, 13 Apr 2016 16:42:28 +0100
  • openssh (1:7.2p2-2) unstable; urgency=medium
      * Fix kexgss_server to cope with DH_GRP_MIN/DH_GRP_MAX being stricter on
        the server end than the client (thanks, Damien Miller; closes: #817870,
        LP: #1558576).
     -- Colin Watson <email address hidden>  Mon, 21 Mar 2016 12:08:55 +0000
  • openssh (1:7.2p2-1) unstable; urgency=high
      * New upstream release (
        - SECURITY: sshd(8): Sanitise X11 authentication credentials to avoid
          xauth command injection when X11Forwarding is enabled
     -- Colin Watson <email address hidden>  Thu, 10 Mar 2016 13:04:29 +0000
  • openssh (1:7.2p1-1) unstable; urgency=medium
      * New upstream release (
        - This release disables a number of legacy cryptographic algorithms by
          default in ssh:
          + Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and
            the rijndael-cbc aliases for AES.
          + MD5-based and truncated HMAC algorithms.
          These algorithms are already disabled by default in sshd.
        - ssh(1), sshd(8): Remove unfinished and unused roaming code (was
          already forcibly disabled in OpenSSH 7.1p2).
        - ssh(1): Eliminate fallback from untrusted X11 forwarding to trusted
          forwarding when the X server disables the SECURITY extension.
        - ssh(1), sshd(8): Increase the minimum modulus size supported for
          diffie-hellman-group-exchange to 2048 bits.
        - sshd(8): Pre-auth sandboxing is now enabled by default (previous
          releases enabled it for new installations via sshd_config).
        - all: Add support for RSA signatures using SHA-256/512 hash algorithms
          based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
        - ssh(1): Add an AddKeysToAgent client option which can be set to 'yes',
          'no', 'ask', or 'confirm', and defaults to 'no'.  When enabled, a
          private key that is used during authentication will be added to
          ssh-agent if it is running (with confirmation enabled if set to
        - sshd(8): Add a new authorized_keys option "restrict" that includes all
          current and future key restrictions (no-*-forwarding, etc.).  Also add
          permissive versions of the existing restrictions, e.g.  "no-pty" ->
          "pty".  This simplifies the task of setting up restricted keys and
          ensures they are maximally-restricted, regardless of any permissions
          we might implement in the future.
        - ssh(1): Add ssh_config CertificateFile option to explicitly list
        - ssh-keygen(1): Allow ssh-keygen to change the key comment for all
          supported formats (closes: #811125).
        - ssh-keygen(1): Allow fingerprinting from standard input, e.g.
          "ssh-keygen -lf -" (closes: #509058).
        - ssh-keygen(1): Allow fingerprinting multiple public keys in a file,
          e.g. "ssh-keygen -lf ~/.ssh/authorized_keys".
        - sshd(8): Support "none" as an argument for sshd_config Foreground and
          ChrootDirectory.  Useful inside Match blocks to override a global
        - ssh-keygen(1): Support multiple certificates (one per line) and
          reading from standard input (using "-f -") for "ssh-keygen -L"
        - ssh-keyscan(1): Add "ssh-keyscan -c ..." flag to allow fetching
          certificates instead of plain keys.
        - ssh(1): Better handle anchored FQDNs (e.g. '') in
          hostname canonicalisation - treat them as already canonical and remove
          the trailing '.' before matching ssh_config.
        - sftp(1): Existing destination directories should not terminate
          recursive uploads (regression in OpenSSH 6.8; LP: #1553378).
      * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
      * Restore slogin symlinks for compatibility, although they were removed
     -- Colin Watson <email address hidden>  Tue, 08 Mar 2016 11:47:20 +0000
  • openssh (1:7.1p2-2) unstable; urgency=medium
      * Remove protocol 1 host key generation from openssh-server.postinst
        (closes: #811265).
     -- Colin Watson <email address hidden>  Sun, 17 Jan 2016 14:10:19 +0000
  • openssh (1:7.1p2-1) unstable; urgency=high
      * New upstream release (
        - CVE-2016-0777, CVE-2016-0778: Disable experimental client-side support
          for roaming, which could be tricked by a malicious server into leaking
          client memory to the server, including private client user keys; this
          information leak is restricted to connections to malicious or
          compromised servers (closes: #810984).
        - SECURITY: Fix an out of-bound read access in the packet handling code.
          Reported by Ben Hawkes.
        - Further use of explicit_bzero has been added in various buffer
          handling code paths to guard against compilers aggressively doing
          dead-store removal.
     -- Colin Watson <email address hidden>  Thu, 14 Jan 2016 15:28:03 +0000
  • openssh (1:7.1p1-6) unstable; urgency=medium
      [ Colin Watson ]
      * Remove explicit "XS-Testsuite: autopkgtest" from debian/control;
        dpkg-source now figures that out automatically based on the existence of
      * Allow authenticating as root using gssapi-keyex even with
        "PermitRootLogin prohibit-password" (closes: #809695).
      * Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little
        later in ssh_kex2 so that it's actually effective (closes: #809696).
      [ Michael Biebl ]
      * Don't call sd_notify when sshd is re-execed (closes: #809035).
     -- Colin Watson <email address hidden>  Mon, 04 Jan 2016 15:09:10 +0000
  • openssh (1:7.1p1-5) unstable; urgency=medium
      [ Michael Biebl ]
      * Add systemd readiness notification support (closes: #778913).
     -- Colin Watson <email address hidden>  Mon, 21 Dec 2015 22:10:07 +0000
  • openssh (1:7.1p1-4) unstable; urgency=medium
      * Backport upstream patch to unbreak connections with peers that set
        first_kex_follows (LP: #1526357).
     -- Colin Watson <email address hidden>  Tue, 15 Dec 2015 15:40:18 +0000
  • openssh (1:7.1p1-3) unstable; urgency=medium
      * Drop priority of openssh-client-ssh1 to extra (closes: #807518).
      * Redirect regression test input from /dev/zero, since otherwise conch
        will immediately send EOF.
     -- Colin Watson <email address hidden>  Thu, 10 Dec 2015 15:12:10 +0000
  • openssh (1:7.1p1-2) unstable; urgency=medium
      * Really enable conch interoperability tests under autopkgtest.
      * Drop SSH1 keepalive patch.  Now that SSH1 is disabled at compile-time,
        it's been rejected upstream and there isn't much point carrying it any
      * Add NEWS.Debian documenting cryptographic changes in OpenSSH 7.0
        (closes: #806962).
      * Add an openssh-client-ssh1 binary package for people who need to connect
        to outdated SSH1-only servers (closes: #807107).
      * Update "Subsystem sftp" path in example sshd_config (closes: #691004,
        LP: #1437005).
     -- Colin Watson <email address hidden>  Tue, 08 Dec 2015 15:33:08 +0000
  • openssh (1:7.1p1-1) unstable; urgency=medium
      * New upstream release (, closes:
        - Support for the legacy SSH version 1 protocol is disabled by default
          at compile time.
        - Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
          disabled by default at run-time.  It may be re-enabled using the
          instructions at
        - Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
          default at run-time.  These may be re-enabled using the instructions
        - Support for the legacy v00 cert format has been removed.
        - The default for the sshd_config(5) PermitRootLogin option has changed
          from "yes" to "prohibit-password".
        - PermitRootLogin=without-password/prohibit-password now bans all
          interactive authentication methods, allowing only public-key,
          hostbased and GSSAPI authentication (previously it permitted
          keyboard-interactive and password-less authentication if those were
        - ssh_config(5): Add PubkeyAcceptedKeyTypes option to control which
          public key types are available for user authentication.
        - sshd_config(5): Add HostKeyAlgorithms option to control which public
          key types are offered for host authentications.
        - ssh(1), sshd(8): Extend Ciphers, MACs, KexAlgorithms,
          HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
          options to allow appending to the default set of algorithms instead of
          replacing it.  Options may now be prefixed with a '+' to append to the
          default, e.g. "HostKeyAlgorithms=+ssh-dss".
        - sshd_config(5): PermitRootLogin now accepts an argument of
          'prohibit-password' as a less-ambiguous synonym of 'without-
        - ssh(1), sshd(8): Add compatability workarounds for Cisco and more
          PuTTY versions.
        - Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux
          documentation relating to Unix domain socket forwarding.
        - ssh(1): Improve the ssh(1) manual page to include a better description
          of Unix domain socket forwarding (closes: #779068).
        - ssh(1), ssh-agent(1): Skip uninitialised PKCS#11 slots, fixing
          failures to load keys when they are present.
        - ssh(1), ssh-agent(1): Do not ignore PKCS#11 hosted keys that wth empty
        - sshd(8): Clarify documentation for UseDNS option.
        - Check realpath(3) behaviour matches what sftp-server requires and use
          a replacement if necessary.
      * New upstream release (
        - sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
          prohibit-password/without-password that could, depending on
          compile-time configuration, permit password authentication to root
          while preventing other forms of authentication.  This problem was
          reported by Mantas Mikulenas.
        - ssh(1), sshd(8): Add compatibility workarounds for FuTTY.
        - ssh(1), sshd(8): Refine compatibility workarounds for WinSCP.
        - Fix a number of memory faults (double-free, free of uninitialised
          memory, etc) in ssh(1) and ssh-keygen(1).  Reported by Mateusz
      * Change "PermitRootLogin without-password" to the new preferred spelling
        of "PermitRootLogin prohibit-password" in sshd_config, and update
        documentation to reflect the new upstream default.
      * Enable conch interoperability tests under autopkgtest.
     -- Colin Watson <email address hidden>  Wed, 02 Dec 2015 20:18:35 +0000
  • openssh (1:6.9p1-3) unstable; urgency=medium
      * ssh_config(5): Fix markup errors in description of GSSAPITrustDns
        (closes: #799271).
      * Fix dh_install and dh_fixperms overrides to work properly with an
        architecture-independent-only build (closes: #806090).
      * Do much less work in architecture-independent-only builds.
      * Drop ConsoleKit session registration patch; it was only ever enabled for
        Ubuntu, which no longer needs it (LP: #1334916, #1502045).
     -- Colin Watson <email address hidden>  Tue, 24 Nov 2015 22:48:53 +0000
  • openssh (1:6.9p1-2) unstable; urgency=medium
      [ Colin Watson ]
      * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
        invocation onto a separate line to make it easier to copy and paste
        (LP: #1491532).
      [ Tyler Hicks ]
      * Build with audit support on Linux (closes: #797727, LP: #1478087).
     -- Colin Watson <email address hidden>  Thu, 10 Sep 2015 12:26:11 +0100