Format: 1.8
Date: Mon, 15 Jan 2018 09:50:38 -0500
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: i386 i386_translations
Version: 1:7.2p2-4ubuntu2.4
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Changes:
 openssh (1:7.2p2-4ubuntu2.4) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
     - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
       which ssh-agent will load a PKCS#11 module in ssh-agent.1,
       ssh-agent.c.
     - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
       in ssh-agent.c.
     - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
       ssh-agent.c.
     - debian/patches/CVE-2016-10009-4.patch: add missing label in
       ssh-agent.c.
     - CVE-2016-10009
   * SECURITY UPDATE: local privilege escalation via socket permissions
     when privilege separation is disabled
     - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket
       forwarding when privsep is disabled in serverloop.c.
     - debian/patches/CVE-2016-10010-2.patch: unbreak Unix domain socket
       forwarding for root in serverloop.c.
     - CVE-2016-10010
   * SECURITY UPDATE: local information disclosure via effects of realloc
     on buffer contents
     - debian/patches/CVE-2016-10011-pre.patch: split allocation out of
       sshbuf_reserve() in sshbuf.c, sshbuf.h.
     - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used
       for loading keys in authfile.c.
     - CVE-2016-10011
   * SECURITY UPDATE: local privilege escalation via incorrect bounds check
     in shared memory manager
     - debian/patches/CVE-2016-10012-1.patch: remove support for
       pre-authentication compression in Makefile.in, monitor.c, monitor.h,
       monitor_mm.c, monitor_mm.h, monitor_wrap.h, myproposal.h, opacket.h,
       packet.c, packet.h, servconf.c, sshconnect2.c, sshd.c.
     - debian/patches/CVE-2016-10012-2.patch: restore pre-auth compression
       support in the client in kex.c, kex.h, packet.c, servconf.c,
       sshconnect2.c, sshd_config.5.
     - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
       bits in kex.c, kex.h, packet.c.
     - CVE-2016-10012
   * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
     - debian/patches/CVE-2017-15906.patch: disallow creation of empty
       files in sftp-server.c.
     - CVE-2017-15906
Original-Maintainer: Debian OpenSSH Maintainers