Format: 1.8 Date: Thu, 31 Jan 2019 08:35:48 -0500 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: ppc64el ppc64el_translations Version: 1:7.7p1-4ubuntu0.2 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Changes: openssh (1:7.7p1-4ubuntu0.2) cosmic-security; urgency=medium . * SECURITY UPDATE: access restrictions bypass in scp - debian/patches/CVE-2018-20685.patch: disallow empty filenames or ones that refer to the current directory in scp.c. - CVE-2018-20685 * SECURITY UPDATE: scp client spoofing via object name - debian/patches/CVE-2019-6109.patch: make sure the filenames match the wildcard specified by the user, and add new flag to relax the new restrictions in scp.c, scp.1. - CVE-2019-6109 * SECURITY UPDATE: scp client missing received object name validation - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - CVE-2019-6111 Checksums-Sha1: 738d47ba0de0d8e4ed912b9bb595f77cbda93b4b 3965992 openssh-client-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb dc67d8613969d38b8861d8d5cad67fbe1d0adb79 268792 openssh-client-udeb_7.7p1-4ubuntu0.2_ppc64el.udeb 39d42fda076648be97c280f8612b9cd873b16bc7 692372 openssh-client_7.7p1-4ubuntu0.2_ppc64el.deb 9b5c4fce761e30fc52a2db2b8c37db94e8e45557 1166356 openssh-server-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb 109f21ef8811bdc6d4f37e3b76571748f9ee2005 278864 openssh-server-udeb_7.7p1-4ubuntu0.2_ppc64el.udeb d743a949fd7e7cab3207e9ea4d7073ce51f39829 401608 openssh-server_7.7p1-4ubuntu0.2_ppc64el.deb 8fa70fbfacbe54dcf4a5152448b0f820c0464f01 161500 openssh-sftp-server-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb 74a030be415abcf3a2547b119b46742493e6eba6 55968 openssh-sftp-server_7.7p1-4ubuntu0.2_ppc64el.deb 261c2d3da90735391e5f6c586a0cc45b41abe0b4 17319 openssh_7.7p1-4ubuntu0.2_ppc64el.buildinfo 07cf10499e85d1f1d8b28c505b45d223261c6a99 8454 openssh_7.7p1-4ubuntu0.2_ppc64el_translations.tar.gz ac912e99008d7302089dcf11fe56f9ad73c250aa 12552 ssh-askpass-gnome-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb a5883fd70a0a6ad3de4ad16dbe2cc056f1d56ba2 17380 ssh-askpass-gnome_7.7p1-4ubuntu0.2_ppc64el.deb Checksums-Sha256: 516fe9054e38c6417fe3c5a904733d39cb8f8c8ec7bb4d12d472c3a58b076079 3965992 openssh-client-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb 490e85e07df03a4b3aebc9db5a871933e5082c7a538175916c85bddc414b532e 268792 openssh-client-udeb_7.7p1-4ubuntu0.2_ppc64el.udeb e1616decb7b07612c57b745378c5b51fefc8acc6e1923c691da2fea4ecab384f 692372 openssh-client_7.7p1-4ubuntu0.2_ppc64el.deb 407717e4e34d166c6c7297d698a5c77db3155b5e7033d2d97b349e73be733ee3 1166356 openssh-server-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb 469c7c4ba77a9c410c653b3ed1d74dbb2d289665c1836b1db2772b62152d78b5 278864 openssh-server-udeb_7.7p1-4ubuntu0.2_ppc64el.udeb b0da07947a1d03f9bdfc0476f5daabb6a8a479551260d85b6383b2dc788391ea 401608 openssh-server_7.7p1-4ubuntu0.2_ppc64el.deb 130e9c8162b2518057b7944b17fac57bc713f91f34ee503ecfc676546b4fd86e 161500 openssh-sftp-server-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb c5275faa76d0c7b4f38bacd20d6e72b2fe09b8525155040f2ba61586f144e774 55968 openssh-sftp-server_7.7p1-4ubuntu0.2_ppc64el.deb 7865a97c25721033a6324c8c178ef18df73bf98dc1c46a5f3931dfcc386db3ad 17319 openssh_7.7p1-4ubuntu0.2_ppc64el.buildinfo 29ab78bbbbc83670e2c7d99f9ead9d61f701e069aa6f145ce6a4b072708ebf92 8454 openssh_7.7p1-4ubuntu0.2_ppc64el_translations.tar.gz 43b482a9e86d5b82b932e2fabff3b69f82490663d722ca98569b231cc133f2a1 12552 ssh-askpass-gnome-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb 6f6677f107dfda05349e870d3932eef109e2e01572e572ab954394ad31c8d45e 17380 ssh-askpass-gnome_7.7p1-4ubuntu0.2_ppc64el.deb Files: 91b33408ee5e300082e192be962c138f 3965992 debug optional openssh-client-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb ee2a43e109ce12b7b913fbae31b743dc 268792 debian-installer optional openssh-client-udeb_7.7p1-4ubuntu0.2_ppc64el.udeb ec79d19b4f5e83512c34e8a30d006d00 692372 net standard openssh-client_7.7p1-4ubuntu0.2_ppc64el.deb 005f3749a06909bffb00b367aff8369d 1166356 debug optional openssh-server-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb 0a987d1065c96484d8d91fc7fba927f2 278864 debian-installer optional openssh-server-udeb_7.7p1-4ubuntu0.2_ppc64el.udeb 9c73dc90fa2e9a86e1a2693e6eadf364 401608 net optional openssh-server_7.7p1-4ubuntu0.2_ppc64el.deb 09912dc20dfe02902438fc7e3b41e8de 161500 debug optional openssh-sftp-server-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb f5017f8aed06d73523047d72402d7a7d 55968 net optional openssh-sftp-server_7.7p1-4ubuntu0.2_ppc64el.deb 2caf85495fa60adb3fa67d5c23fb75a8 17319 net standard openssh_7.7p1-4ubuntu0.2_ppc64el.buildinfo edc539e57429a81f9b2021c51ac51be4 8454 raw-translations - openssh_7.7p1-4ubuntu0.2_ppc64el_translations.tar.gz c3efc098adfe03f4dd87fc821515b078 12552 debug optional ssh-askpass-gnome-dbgsym_7.7p1-4ubuntu0.2_ppc64el.ddeb d48d0efbd381dbd857ce4d88ecb287a9 17380 gnome optional ssh-askpass-gnome_7.7p1-4ubuntu0.2_ppc64el.deb Original-Maintainer: Debian OpenSSH Maintainers