Format: 1.8
Date: Mon, 15 Jan 2018 09:50:38 -0500
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: s390x s390x_translations
Version: 1:7.2p2-4ubuntu2.4
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Changes:
 openssh (1:7.2p2-4ubuntu2.4) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
     - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
       which ssh-agent will load a PKCS#11 module in ssh-agent.1,
       ssh-agent.c.
     - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
       in ssh-agent.c.
     - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
       ssh-agent.c.
     - debian/patches/CVE-2016-10009-4.patch: add missing label in
       ssh-agent.c.
     - CVE-2016-10009
   * SECURITY UPDATE: local privilege escalation via socket permissions when
     privilege separation is disabled
     - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket
       forwarding when privsep is disabled in serverloop.c.
     - debian/patches/CVE-2016-10010-2.patch: unbreak Unix domain socket
       forwarding for root in serverloop.c.
     - CVE-2016-10010
   * SECURITY UPDATE: local information disclosure via effects of realloc on
     buffer contents
     - debian/patches/CVE-2016-10011-pre.patch: split allocation out of
       sshbuf_reserve() in sshbuf.c, sshbuf.h.
     - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used
       for loading keys in authfile.c.
     - CVE-2016-10011
   * SECURITY UPDATE: local privilege escalation via incorrect bounds check
     in shared memory manager
     - debian/patches/CVE-2016-10012-1.patch: remove support for
       pre-authentication compression in Makefile.in, monitor.c, monitor.h,
       monitor_mm.c, monitor_mm.h, monitor_wrap.h, myproposal.h, opacket.h,
       packet.c, packet.h, servconf.c, sshconnect2.c, sshd.c.
     - debian/patches/CVE-2016-10012-2.patch: restore pre-auth compression
       support in the client in kex.c, kex.h, packet.c, servconf.c,
       sshconnect2.c, sshd_config.5.
     - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
       bits in kex.c, kex.h, packet.c.
     - CVE-2016-10012
   * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
     - debian/patches/CVE-2017-15906.patch: disallow creation of empty
       files in sftp-server.c.
     - CVE-2017-15906
Original-Maintainer: Debian OpenSSH Maintainers