Format: 1.8 Date: Thu, 01 Nov 2018 16:16:02 -0300 Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: amd64 amd64_translations all Version: 1:7.2p2-4ubuntu2.6 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas S. Barbosa Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Launchpad-Bugs-Fixed: 1794629 Changes: openssh (1:7.2p2-4ubuntu2.6) xenial-security; urgency=medium . [ Ryan Finnie ] * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629) - debian/patches/CVE-2018-15473.patch: delay bailout for invalid authenticating user until after the packet containing the request has been fully parsed. - CVE-2018-15473 * SECURITY UPDATE: Privsep process chrashing via an out-of-sequence - debian/patches/CVE-2016-10708.patch: fix in kex.c, pack.c. - CVE-2016-10708 Checksums-Sha1: fc4c6d645af233567935a094dad64a9c5289eb2d 1069922 openssh-client-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb c4f43220b1c3b20fdb86eb46020da5f0de5507c4 643320 openssh-client-ssh1-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 99f65058e94af8e8a56c96aac8a668ab37ef4b0b 327278 openssh-client-ssh1_7.2p2-4ubuntu2.6_amd64.deb 650afaae0c58bb87f1526fb794058e59fabcb65a 512208 openssh-client-udeb-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb b6c34e47c79f5fb73f584031287727f21c57f369 271192 openssh-client-udeb_7.2p2-4ubuntu2.6_amd64.udeb c4cc6883633cbb478332ae42a313a8a7bdf59eaa 584304 openssh-client_7.2p2-4ubuntu2.6_amd64.deb 8b92fd232b0661617ced1713a608bee18930527d 583606 openssh-server-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 1a1dca6be611ec340c66a3ab0a80a1cef09c1898 565558 openssh-server-udeb-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb e06f6388a39b40842f69443521050a1326c12302 284438 openssh-server-udeb_7.2p2-4ubuntu2.6_amd64.udeb df91624b15e52a13546c3c53fec52ceb9dc77d2f 334658 openssh-server_7.2p2-4ubuntu2.6_amd64.deb 3fa4905f726f627f5749b190014b0d8ada360944 77056 openssh-sftp-server-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 692a644fddbb063ef1c526739ceede19e9d044a8 38752 openssh-sftp-server_7.2p2-4ubuntu2.6_amd64.deb ff1fa3827f32753f37cce41b7b9c71896771cc22 8485 openssh_7.2p2-4ubuntu2.6_amd64_translations.tar.gz a7cfc491e85a469f55b906232b9f04a7469c84c2 11582 ssh-askpass-gnome-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 7e0876606b9a6f4d936996537c061df73beb4aaa 14182 ssh-askpass-gnome_7.2p2-4ubuntu2.6_amd64.deb ab4fc287ee7c083d5eee3f8ceae511d55e4b5abb 7922 ssh-krb5_7.2p2-4ubuntu2.6_all.deb 19f54fdab80234df72d0b00e7a1b525684086337 7086 ssh_7.2p2-4ubuntu2.6_all.deb Checksums-Sha256: e3612d973ccb7ded462cb260d9a8d935b4353cc39ea8f2f619c79fa15d6b34c2 1069922 openssh-client-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb d1587c8f95280ecfb7e54841c9c7e3695b02c2e87faff17db511630b1c7649c6 643320 openssh-client-ssh1-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 08bb2b0a891c5c6c92cafdf3252d07124bfecc6636b0ce5fd3f88627d3c13723 327278 openssh-client-ssh1_7.2p2-4ubuntu2.6_amd64.deb 42fe10eb0acfc5be6ee77fb365f3f62e827e0220436d9e40e7d39c9fc20f2bc4 512208 openssh-client-udeb-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb cd0a0ca63d19b29888c8d69ec373e6fde9687f2387105825951435dc0ecafc4e 271192 openssh-client-udeb_7.2p2-4ubuntu2.6_amd64.udeb 33c09fb907dfda9fdcd3e606f71217eea87848b1b2b5747136752c55c0813dcd 584304 openssh-client_7.2p2-4ubuntu2.6_amd64.deb f1d3c47a4609fb17e74e1148077c5afe6959743f109d799529c6a53aa75cdbb5 583606 openssh-server-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb c319822eae3cc3c85e4854d103fcf6b86854e4d442771c006429a272bd6de9a5 565558 openssh-server-udeb-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb bde308770886e6b5395ca4ee188bb2070315e4d1db74c755f2d1f96f663cad65 284438 openssh-server-udeb_7.2p2-4ubuntu2.6_amd64.udeb 99338826ecee93a9e6f9ebe54feb5f5fac876fcc7692f2a063ef31d314c9aff6 334658 openssh-server_7.2p2-4ubuntu2.6_amd64.deb cb98e11e5fc6c270e982f93201673e1f7d2384d8f36db9ec35c3d48e3f941448 77056 openssh-sftp-server-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 4a930ff7e7e8e0efc6cd36fe554f7e69e65b5c2ca47d77b42cdaae20b31dffdf 38752 openssh-sftp-server_7.2p2-4ubuntu2.6_amd64.deb 43fab5d667d74d5f338602a14cf1de15b2742fcfcce6084acdd4bdad5057b1e2 8485 openssh_7.2p2-4ubuntu2.6_amd64_translations.tar.gz 1715d4d07502e5f7bbed687fbc25c698c32796b028a689f479632b1008157770 11582 ssh-askpass-gnome-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 238e912ab0b45e2926f8d5c28dc4b4736175913531ec35b516708032071612b7 14182 ssh-askpass-gnome_7.2p2-4ubuntu2.6_amd64.deb 40b5210bed4393cd63c8aa0d9145d3a9f4f7f7d5d1f249d45faa8fc52fd755d3 7922 ssh-krb5_7.2p2-4ubuntu2.6_all.deb 398e99e3999f66f1a045f30432e803d6905428be80206f5197ca3d7043b86131 7086 ssh_7.2p2-4ubuntu2.6_all.deb Files: fdba985af9f11fdea1fa4d598a9f237d 1069922 net extra openssh-client-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb df524e1020c2c34c0e8a4b64e745a823 643320 net extra openssh-client-ssh1-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 6fbcdef728e5d64e4903f327a94c503c 327278 net extra openssh-client-ssh1_7.2p2-4ubuntu2.6_amd64.deb f96c8d7ecc97ced0daa444b287d0bf7a 512208 debian-installer extra openssh-client-udeb-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 5ac8c60de2a97c2b13b734487cdca554 271192 debian-installer optional openssh-client-udeb_7.2p2-4ubuntu2.6_amd64.udeb f9a4c2c1becb97924aa14433a144038c 584304 net standard openssh-client_7.2p2-4ubuntu2.6_amd64.deb 3a6db56467a0744e85819a5efa254cfe 583606 net extra openssh-server-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 3d5293483df12c5752e7ed1338496384 565558 debian-installer extra openssh-server-udeb-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 204cb28b31dc0397b080d4616eb6b3a5 284438 debian-installer optional openssh-server-udeb_7.2p2-4ubuntu2.6_amd64.udeb 4a6ebc32a36283491a0b7f2c75b1a763 334658 net optional openssh-server_7.2p2-4ubuntu2.6_amd64.deb 7b88a1c42312b1f9fe96ab673ebac1bc 77056 net extra openssh-sftp-server-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 8038820ec0045680162b656e8df96d0b 38752 net optional openssh-sftp-server_7.2p2-4ubuntu2.6_amd64.deb 3beaed50d275d5fd1c75cef9210bc5be 8485 raw-translations - openssh_7.2p2-4ubuntu2.6_amd64_translations.tar.gz 6ed2715252b2e67f8454e2012a90ac2f 11582 gnome extra ssh-askpass-gnome-dbgsym_7.2p2-4ubuntu2.6_amd64.ddeb 9448b9b49ba1d55d7b60c39d11a8428b 14182 gnome optional ssh-askpass-gnome_7.2p2-4ubuntu2.6_amd64.deb 86e21d0aca7765dc53712a5f3f76bb99 7922 oldlibs extra ssh-krb5_7.2p2-4ubuntu2.6_all.deb 9ee39691862204aad1d3ef48237ad843 7086 net extra ssh_7.2p2-4ubuntu2.6_all.deb Original-Maintainer: Debian OpenSSH Maintainers