Format: 1.8
Date: Thu, 31 Jan 2019 09:03:12 -0500
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: i386 i386_translations
Version: 1:7.2p2-4ubuntu2.7
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Changes:
 openssh (1:7.2p2-4ubuntu2.7) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: access restrictions bypass in scp
     - debian/patches/CVE-2018-20685.patch: disallow empty filenames or ones
       that refer to the current directory in scp.c.
     - CVE-2018-20685
   * SECURITY UPDATE: scp client spoofing via object name
     - debian/patches/CVE-2019-6109.patch: make sure the filenames match the
       wildcard specified by the user, and add new flag to relax the new
       restrictions in scp.c, scp.1.
     - CVE-2019-6109
   * SECURITY UPDATE: scp client missing received object name validation
     - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from newer
       OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
     - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
       newer OpenSSH.
     - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
       snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c,
       sftp-client.c.
     - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
       progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
     - CVE-2019-6111
Original-Maintainer: Debian OpenSSH Maintainers