Format: 1.8 Date: Fri, 14 Aug 2015 07:26:18 -0400 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: i386 i386_translations Version: 1:6.7p1-5ubuntu1.2 Distribution: vivid Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Changes: openssh (1:6.7p1-5ubuntu1.2) vivid-security; urgency=medium . * SECURITY UPDATE: possible user impersonation via PAM support - debian/patches/pam-security-1.patch: don't resend username to PAM in monitor.c, monitor_wrap.c. - CVE number pending * SECURITY UPDATE: use-after-free in PAM support - debian/patches/pam-security-2.patch: fix use after free in monitor.c. - CVE number pending * SECURITY UPDATE: - debian/patches/CVE-2015-5600.patch: only query each keyboard-interactive device once per authentication request in auth2-chall.c. - CVE-2015-5600 * SECURITY UPDATE: X connections access restriction bypass - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires in channels.c, channels.h, clientloop.c. - CVE-2015-5352 Checksums-Sha1: 14071e37f6ac475e605c7f3fd4b676763efedd46 642108 openssh-client_6.7p1-5ubuntu1.2_i386.deb 8a1fb8cad1744ec9eada2da506de1f0f0be78220 373018 openssh-server_6.7p1-5ubuntu1.2_i386.deb 6d450563519d940d901ed53863e8eb45a48b58fe 43178 openssh-sftp-server_6.7p1-5ubuntu1.2_i386.deb 9471abe3c8fa8433294f7897e0b810b59cc938cb 14656 ssh-askpass-gnome_6.7p1-5ubuntu1.2_i386.deb b06de514f71689c0163fe6a3b395d14a2f8fb604 267426 openssh-client-udeb_6.7p1-5ubuntu1.2_i386.udeb db4d43293b51d243f580c4ab223bab8c3b6686d3 296164 openssh-server-udeb_6.7p1-5ubuntu1.2_i386.udeb 397c7a284d5ba0aa6f15f80c4c31c65450e5d18d 755866 openssh-client-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 02c66b163663cc53e2f8d96b30a171da548845af 410824 openssh-server-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb c4aa49c72433afd7de55090eccc4567f9939ea57 60062 openssh-sftp-server-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb c5a28a774220e2e6fb814397207ac2581f50ac8e 12802 ssh-askpass-gnome-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb f121a2fdc9ac0978de7af8d73450bb0bd22e2498 417482 openssh-client-udeb-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 66bf7f88318da0317fdf3bd9fb08f10089af8bfe 486608 openssh-server-udeb-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb ea0d86a954e7d642c770ebc71d22ba3a4f0b632b 8482 openssh_6.7p1-5ubuntu1.2_i386_translations.tar.gz Checksums-Sha256: a57fba295dc2daea2c5dfd3d394f209d1d2f1bbea75afdad915374bedafc2566 642108 openssh-client_6.7p1-5ubuntu1.2_i386.deb 13dc8f820fdf4e83f1562c66d8d186be049fdcfc5edc88b76c8769b62f872ba5 373018 openssh-server_6.7p1-5ubuntu1.2_i386.deb 00903f76af07e8d36aca1809410f27bd4395aa4dfda1bc2dbd5dcb2416ab0d7a 43178 openssh-sftp-server_6.7p1-5ubuntu1.2_i386.deb 34456a49ca360e1decf1498e7d26ec40b14ac9e8967d1d9fea76256400bee599 14656 ssh-askpass-gnome_6.7p1-5ubuntu1.2_i386.deb 24d9f27e38641302dd92ca2568c36329f8dc421d52330e1199a76b804a2e46cd 267426 openssh-client-udeb_6.7p1-5ubuntu1.2_i386.udeb 449eea6eebef6786cfbf40c420c95f2745e269ba760f82e751131f3f98d3350d 296164 openssh-server-udeb_6.7p1-5ubuntu1.2_i386.udeb 79bd5e4a771b65eb70ec6f9604ea72d1c38f63432e6693b0cb9a65d55da01ac2 755866 openssh-client-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 208ea85490c96441a2cc75a12bad4a166de723751ab574bf9dfe7b4fb06c7fff 410824 openssh-server-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb d6e13e54920af5d887b4f95eaa191dc7672c9115260d54bfb2a4cc97f667c1c2 60062 openssh-sftp-server-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 90909816f865536cf070f2c3b64e434d268f6ed35a69bad4eb25671b8f356fd2 12802 ssh-askpass-gnome-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb cca4657bfa46232235cf019dfd5c8c2577986ed9c6eafe32060d7ee9bea236f4 417482 openssh-client-udeb-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 501b9c4192f90a858cc6c00a49ee2575ddac3b21049ae8bfb345aa8feb2781f8 486608 openssh-server-udeb-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 35a044b02706a1b96e255531f1103adf196bfd2698f68aba9f9c5dc16fd1d508 8482 openssh_6.7p1-5ubuntu1.2_i386_translations.tar.gz Files: b92a549116634592b5a951698a6b76eb 642108 net standard openssh-client_6.7p1-5ubuntu1.2_i386.deb 073544ecc2ca825da99392dc418fccd4 373018 net optional openssh-server_6.7p1-5ubuntu1.2_i386.deb 5afb93a3901748d65a5e1bbad713bb58 43178 net optional openssh-sftp-server_6.7p1-5ubuntu1.2_i386.deb 7311df2a34ed76412456f95ade67a281 14656 gnome optional ssh-askpass-gnome_6.7p1-5ubuntu1.2_i386.deb c1ca84c391f911fd3e8ad13c958bcb70 267426 debian-installer optional openssh-client-udeb_6.7p1-5ubuntu1.2_i386.udeb 7af5128601e416cb808bcd97da276f3a 296164 debian-installer optional openssh-server-udeb_6.7p1-5ubuntu1.2_i386.udeb 5289a5da9f8cd412d4f5a00f2e3d15de 755866 net extra openssh-client-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 7e155cfa313e220ebb99b214499fc1aa 410824 net extra openssh-server-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb a688e6f5735bf9cf32a908786cd60ef2 60062 net extra openssh-sftp-server-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 0c180d0986589d37c720070cfd6d08c7 12802 gnome extra ssh-askpass-gnome-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 4bd28e02a79986ad556ebba63738d751 417482 debian-installer extra openssh-client-udeb-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 89b21fa156b548154784f92ee22b333b 486608 debian-installer extra openssh-server-udeb-dbgsym_6.7p1-5ubuntu1.2_i386.ddeb 3302bc579259a3080db95ca536967d9a 8482 raw-translations - openssh_6.7p1-5ubuntu1.2_i386_translations.tar.gz Original-Maintainer: Debian OpenSSH Maintainers