Format: 1.8 Date: Thu, 11 Aug 2016 08:38:27 -0400 Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: i386 i386_translations Version: 1:7.2p2-4ubuntu2.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Changes: openssh (1:7.2p2-4ubuntu2.1) xenial-security; urgency=medium . * SECURITY UPDATE: user enumeration via covert timing channel - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for invalid users in auth-passwd.c, openbsd-compat/xcrypt.c. - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed users PAM logins in auth-pam.c. - debian/patches/CVE-2016-6210-3.patch: search users for one with a valid salt in openbsd-compat/xcrypt.c. - CVE-2016-6210 * SECURITY UPDATE: denial of service via long passwords - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in length in auth-passwd.c. - CVE-2016-6515 Checksums-Sha1: bac2c8683a0481610e852cd977e18230fc078495 942430 openssh-client-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb feb51725a90b4810644357953dc05d6d188b8721 556280 openssh-client-ssh1-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 6d41dd881c09b5c2a6398e91796718b77862cde3 373060 openssh-client-ssh1_7.2p2-4ubuntu2.1_i386.deb e94cf0cdee746171941cdb5e38ad5fea192065d9 441228 openssh-client-udeb-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 5b30bcfadab2c8fde88e87cde781fea72a0f8c9b 280736 openssh-client-udeb_7.2p2-4ubuntu2.1_i386.udeb 25d4c65b52bbc7a422516f431d62d42cd9aa0e49 650688 openssh-client_7.2p2-4ubuntu2.1_i386.deb 0debe3ceeba3595803ac4e675c281077aacde33a 505042 openssh-server-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 6e062f90283be04f11e30620e4b9ce05f7a45444 495686 openssh-server-udeb-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 2ffdcc166af7d7d2e263a6ae3fb873fd462ca13a 294112 openssh-server-udeb_7.2p2-4ubuntu2.1_i386.udeb e159e7e368cc24a1c4d1e7dcd5f54875b9cc4e75 380494 openssh-server_7.2p2-4ubuntu2.1_i386.deb c2a30ca21ccc525ca7f0a1df77912be8d6753de6 68552 openssh-sftp-server-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb d0ccd6caab589849cbb057bf7ac6cb79bee99643 43980 openssh-sftp-server_7.2p2-4ubuntu2.1_i386.deb 1192cf28d83e21c90c1e0485275564808a33e996 8585 openssh_7.2p2-4ubuntu2.1_i386_translations.tar.gz 70891df892e213fab137d44e3825d102487ba0c7 10902 ssh-askpass-gnome-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb f03729d5de9f416ace579f7bca283f13ec112a30 14368 ssh-askpass-gnome_7.2p2-4ubuntu2.1_i386.deb Checksums-Sha256: f89d0377270011ae8dc05afff3874c89f5fa551eda87321d597f0313a1eba94b 942430 openssh-client-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 56df9343493b850f3bc674426c160738b3aeb8604a39b83aa03e8ace1cbb94dc 556280 openssh-client-ssh1-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 9dbbac1ddb05e17671b6856b7daf5d6f9df071e38ef65a058fe5deb3a2fe3dd6 373060 openssh-client-ssh1_7.2p2-4ubuntu2.1_i386.deb c1e7ef712e9b409dbfd9cc1dd9eec323060acfad08b86a7d37ba5f6ba4cdc842 441228 openssh-client-udeb-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 838e0eaac59a2a1ee9fb080910a3d4790c41315e43cc26ad4cb2dd2dc5b5b533 280736 openssh-client-udeb_7.2p2-4ubuntu2.1_i386.udeb 01428b3b024c862ed38d1af3874f86697a40dec457fd7e19c8548688e616fce3 650688 openssh-client_7.2p2-4ubuntu2.1_i386.deb 1378b27eee054320583d2a3488e6f49ae0e7f531ce7be725459627b61cbd12b9 505042 openssh-server-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 3d9382bc0a1391177e553da2c2a735519d77500cd9af67f6afa52bd05c3a8d68 495686 openssh-server-udeb-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 0023c315a68108800f1c226cd439438e0943e098bebf6652b27c1de800158c29 294112 openssh-server-udeb_7.2p2-4ubuntu2.1_i386.udeb 8b04171fcf161b98910b688d78d3b815a16b888b10857d7c32b8048ba77f71ce 380494 openssh-server_7.2p2-4ubuntu2.1_i386.deb 0bbb3b5ddcd09cc4dcae5a2b4c5b2f643c484abd3f65934e87f40d53bd445877 68552 openssh-sftp-server-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 5016ad733547ab90a5414925221963c0ea795d3e5cc488452323b87e3c16f72f 43980 openssh-sftp-server_7.2p2-4ubuntu2.1_i386.deb 14697220680dcb962dbc84c88949dbc1fd7584a73d9dbff5fe58acc4fd4a0334 8585 openssh_7.2p2-4ubuntu2.1_i386_translations.tar.gz 2a6491f31eb0fc77e323cf1fbfefc615185be8ad00f27c1df811c5d8c43fa89f 10902 ssh-askpass-gnome-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb f176e111a49c963ae35986af7730b85f9b77e68a14c1cb7c981a0052d3e5b075 14368 ssh-askpass-gnome_7.2p2-4ubuntu2.1_i386.deb Files: 539948f0a567126ba4912295ccfc12dd 942430 net extra openssh-client-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 643088e2ce0f598302108b8053691af9 556280 net extra openssh-client-ssh1-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb aa971bb2843d7c8f8ade95fab4145411 373060 net extra openssh-client-ssh1_7.2p2-4ubuntu2.1_i386.deb 892ee64f1819f405587c5131ed84630d 441228 debian-installer extra openssh-client-udeb-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 84984d823db819ac2540641d671fbb0c 280736 debian-installer optional openssh-client-udeb_7.2p2-4ubuntu2.1_i386.udeb aa2e9c35933cf54c94ba7eb6ab5421f8 650688 net standard openssh-client_7.2p2-4ubuntu2.1_i386.deb 22ea21aa3d4e112d32a5dd7c0113e428 505042 net extra openssh-server-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 7d214460ad4fdcbe74d0836e19da8796 495686 debian-installer extra openssh-server-udeb-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb c57d5ea3e00a13cc48671c5f2cd02713 294112 debian-installer optional openssh-server-udeb_7.2p2-4ubuntu2.1_i386.udeb 3305852f6784205b05d4ff78ef0ee77b 380494 net optional openssh-server_7.2p2-4ubuntu2.1_i386.deb a677519b916251a6083a9fa375f98e69 68552 net extra openssh-sftp-server-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb f83d0db2b17e39e8543fdb06bcf7a067 43980 net optional openssh-sftp-server_7.2p2-4ubuntu2.1_i386.deb c085b013b7223e614bbdb7cbbde84375 8585 raw-translations - openssh_7.2p2-4ubuntu2.1_i386_translations.tar.gz 61830b319ecfd546aba2ee15743a5d68 10902 gnome extra ssh-askpass-gnome-dbgsym_7.2p2-4ubuntu2.1_i386.ddeb 024ed2b9d63c64449963fa4ff82137c6 14368 gnome optional ssh-askpass-gnome_7.2p2-4ubuntu2.1_i386.deb Original-Maintainer: Debian OpenSSH Maintainers