Format: 1.8
Date: Mon, 15 Jan 2018 09:50:38 -0500
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: armhf armhf_translations
Version: 1:7.2p2-4ubuntu2.4
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Changes:
 openssh (1:7.2p2-4ubuntu2.4) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
     - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
       which ssh-agent will load a PKCS#11 module in ssh-agent.1,
       ssh-agent.c.
     - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
       in ssh-agent.c.
     - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
       ssh-agent.c.
     - debian/patches/CVE-2016-10009-4.patch: add missing label in
       ssh-agent.c.
     - CVE-2016-10009
   * SECURITY UPDATE: local privilege escalation via socket permissions when
     privilege separation is disabled
     - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket
       forwarding when privsep is disabled in serverloop.c.
     - debian/patches/CVE-2016-10010-2.patch: unbreak Unix domain socket
       forwarding for root in serverloop.c.
     - CVE-2016-10010
   * SECURITY UPDATE: local information disclosure via effects of realloc on
     buffer contents
     - debian/patches/CVE-2016-10011-pre.patch: split allocation out of
       sshbuf_reserve() in sshbuf.c, sshbuf.h.
     - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
       loading keys in authfile.c.
     - CVE-2016-10011
   * SECURITY UPDATE: local privilege escalation via incorrect bounds check
     in shared memory manager
     - debian/patches/CVE-2016-10012-1.patch: remove support for
       pre-authentication compression in Makefile.in, monitor.c, monitor.h,
       monitor_mm.c, monitor_mm.h, monitor_wrap.h, myproposal.h, opacket.h,
       packet.c, packet.h, servconf.c, sshconnect2.c, sshd.c.
     - debian/patches/CVE-2016-10012-2.patch: restore pre-auth compression
       support in the client in kex.c, kex.h, packet.c, servconf.c,
       sshconnect2.c, sshd_config.5.
     - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
       bits in kex.c, kex.h, packet.c.
     - CVE-2016-10012
   * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
     - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
       in sftp-server.c.
     - CVE-2017-15906
Original-Maintainer: Debian OpenSSH Maintainers