Format: 1.8
Date: Thu, 31 Jan 2019 08:35:48 -0500
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: armhf armhf_translations
Version: 1:7.7p1-4ubuntu0.2
Distribution: cosmic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Changes:
 openssh (1:7.7p1-4ubuntu0.2) cosmic-security; urgency=medium
 .
   * SECURITY UPDATE: access restrictions bypass in scp
     - debian/patches/CVE-2018-20685.patch: disallow empty filenames or
       ones that refer to the current directory in scp.c.
     - CVE-2018-20685
   * SECURITY UPDATE: scp client spoofing via object name
     - debian/patches/CVE-2019-6109.patch: make sure the filenames match
       the wildcard specified by the user, and add new flag to relax the
       new restrictions in scp.c, scp.1.
     - CVE-2019-6109
   * SECURITY UPDATE: scp client missing received object name validation
     - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
       snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c,
       sftp-client.c.
     - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates
       in progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
     - CVE-2019-6111
Original-Maintainer: Debian OpenSSH Maintainers