Format: 1.8 Date: Fri, 14 Aug 2015 07:31:00 -0400 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: armhf armhf_translations Version: 1:6.6p1-2ubuntu2.2 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Changes: openssh (1:6.6p1-2ubuntu2.2) trusty-security; urgency=medium . * SECURITY UPDATE: possible user impersonation via PAM support - debian/patches/pam-security-1.patch: don't resend username to PAM in monitor.c, monitor_wrap.c. - CVE number pending * SECURITY UPDATE: use-after-free in PAM support - debian/patches/pam-security-2.patch: fix use after free in monitor.c. - CVE number pending * SECURITY UPDATE: - debian/patches/CVE-2015-5600.patch: only query each keyboard-interactive device once per authentication request in auth2-chall.c. - CVE-2015-5600 * SECURITY UPDATE: X connections access restriction bypass - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires in channels.c, channels.h, clientloop.c. - CVE-2015-5352 Checksums-Sha1: 027cf5cecce587f22865b252b0555bf8c0cc2628 524860 openssh-client_6.6p1-2ubuntu2.2_armhf.deb 2d5eda53ef42e1d9cc30d793d9d064320a2468ec 315620 openssh-server_6.6p1-2ubuntu2.2_armhf.deb 0930431cbbc73eba91e5bd6fd979a17984c5b882 30648 openssh-sftp-server_6.6p1-2ubuntu2.2_armhf.deb b361266ea621588969ad6cbbf1427a6a99583420 14014 ssh-askpass-gnome_6.6p1-2ubuntu2.2_armhf.deb e201824164ba17b20e95124802a08ac001f10dda 234536 openssh-client-udeb_6.6p1-2ubuntu2.2_armhf.udeb c94f80b74a564f9a3b6e3bd7db73726e9da3a719 260050 openssh-server-udeb_6.6p1-2ubuntu2.2_armhf.udeb 40c8e48d49f6beac638dbaa7e8a248c4b2c6d62f 963498 openssh-client-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 7275783fbd2fb188e7dea40b5f1ba7f46b74fab8 538400 openssh-server-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb b0874667a43bbf231df562cf481ce8f8a43984dd 67190 openssh-sftp-server-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 9fb184a31df4c0027d6ca93f0b75bfeb3c0ba5ef 13616 ssh-askpass-gnome-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb de5918da491564859d8d417bb9ecb1986e5def06 473668 openssh-client-udeb-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 4c3f2be2c54ad95d659c534836fd1ab142a22355 556750 openssh-server-udeb-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb bc1d9d0807238f1722c4ea16f0ede766fe85da6b 5697 openssh_6.6p1-2ubuntu2.2_armhf_translations.tar.gz Checksums-Sha256: 7d89e8f8e448c2805204739767c248fb5fa8aabcce2e1c4ca05c5599a4dccdee 524860 openssh-client_6.6p1-2ubuntu2.2_armhf.deb 2891d341347ad2d758cc86d87d7e850c49dcd7ff3ffddc62c0fd666efd304d04 315620 openssh-server_6.6p1-2ubuntu2.2_armhf.deb 1cc91202e0377fab482f66ba94ebef892a0f7ddf84b29857939f298d04e2567f 30648 openssh-sftp-server_6.6p1-2ubuntu2.2_armhf.deb eba13ce667b3767237a72206d354a046e75663c05e75abcaab01f0c3052e55c7 14014 ssh-askpass-gnome_6.6p1-2ubuntu2.2_armhf.deb 996faf769d774c34449d368b64a3f427f0b0114e745c3096b6ada310594c4c95 234536 openssh-client-udeb_6.6p1-2ubuntu2.2_armhf.udeb 214d182aae0c08d381845146858bccef0c92d4d0b8fda706ed9c0b6608a4dc7b 260050 openssh-server-udeb_6.6p1-2ubuntu2.2_armhf.udeb 8bc9db192d646c2b62a5b1bac5f4d7dcd71e229aa0a69b925582400f15d6ba2b 963498 openssh-client-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 10bf47088dd4c4c33d2893c673089a588bdd9a2072c1cca32f125f60818441d4 538400 openssh-server-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 8861dcabe9ef451f333a132f4a27b5edb8d2c200c2c8cc3da64805bf42ae7592 67190 openssh-sftp-server-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb a3074ee219d3a873e3b0689bb22e18f8dc06f5fbd7c05470fac2ad7c662474a2 13616 ssh-askpass-gnome-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb da9f3fe3c2ba0d535948e02ba09e76df2c869f8974050bdb190b6904d910209f 473668 openssh-client-udeb-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 9cdf3d78e3f57aab04ae87cae1c6c606e762cf680fb24e2298e66b555a43a8c4 556750 openssh-server-udeb-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 929648d08a258ff430de71317c389f12c1cf4f69958bc6e53759dfd5bd1b7e5b 5697 openssh_6.6p1-2ubuntu2.2_armhf_translations.tar.gz Files: 1348e386777ac39ab7313fe3aa920c85 524860 net standard openssh-client_6.6p1-2ubuntu2.2_armhf.deb c9b1acbe27c09eb09cc415950d816dc6 315620 net optional openssh-server_6.6p1-2ubuntu2.2_armhf.deb 6d68bcab80693998a5d74bb830a25a6a 30648 net optional openssh-sftp-server_6.6p1-2ubuntu2.2_armhf.deb 083e4c25858ff7273128b07e0d2c0715 14014 gnome optional ssh-askpass-gnome_6.6p1-2ubuntu2.2_armhf.deb ae8eb5b7da31168b8528b7d159638d40 234536 debian-installer optional openssh-client-udeb_6.6p1-2ubuntu2.2_armhf.udeb 4310eb7fe15817242252cafc7882f73f 260050 debian-installer optional openssh-server-udeb_6.6p1-2ubuntu2.2_armhf.udeb c77b5d9994ed1887913a3890512a00a7 963498 net extra openssh-client-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 35448f5c7e4270cc40060835ec4a1cec 538400 net extra openssh-server-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 53154daf799f8a7d32d9b0d1af05bf7a 67190 net extra openssh-sftp-server-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 22bec1a8109facb5d483fc30542fea23 13616 gnome extra ssh-askpass-gnome-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 13131a77a1dc1240dadfde0b11df6856 473668 debian-installer extra openssh-client-udeb-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb eaf757fe6cb4cad38a905accf5577cb0 556750 debian-installer extra openssh-server-udeb-dbgsym_6.6p1-2ubuntu2.2_armhf.ddeb 82aa5cdfa78b175fd28fb522bec61a2f 5697 raw-translations - openssh_6.6p1-2ubuntu2.2_armhf_translations.tar.gz Original-Maintainer: Debian OpenSSH Maintainers Package-Type: udeb