openssh (1:7.3p1-1ubuntu0.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: ssh-agent can be convinced to load PKCS#11
    modules from arbitrary locations.
    - debian/patches/CVE-2016-10009.patch: add whitelist of paths to
      load PKCS#11 modules from.
    - CVE-2016-10009
  * SECURITY UPDATE: forwarded Unix-domain sockets would be created
    by sshd(8) with the privileges of 'root' when priv-sep is disabled.
    - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket
      forwarding when privsep is disabled.
    - CVE-2016-10010
  * SECURITY UPDATE: leak of host private key material to
    privilege-separated child processes
    - debian/patches/CVE-2016-10011-1.patch: split allocation out of
      sshbuf_reserve() into a separate sshbuf_allocate() function.
    - debian/patches/CVE-2016-10011-2.patch: use sshbuf_allocate()
      to pre-allocate the buffer used for loading keys.
    - CVE-2016-10011
  * SECURITY UPDATE: possible shared memory manager bounds checks
    compiled out.
    - debian/patches/CVE-2016-10012.patch: Remove support for
      pre-authentication compression (where miscompilation can occur).
    - CVE-2016-10012
  * SECURITY UPDATE: self connection DoS
    - debian/patches/CVE-2016-8858.patch: Unregister the KEXINIT handler
      after message has been received
    - CVE-2016-8858

 -- Steve Beattie <email address hidden>  Wed, 21 Dec 2016 09:53:58 -0800