Format: 1.8
Date: Wed, 29 Aug 2018 12:01:36 +0200
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u6
Distribution: jessie-security
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Closes: 790798 793616 795711 848716 848717
Changes:
 openssh (1:6.7p1-5+deb8u6) jessie-security; urgency=medium
 .
   * Fix CVE-2015-5352: Reject X11 connections after hard-coded Xauth cookie
     expiration time of 1200 seconds. (Closes: #790798)
   * CVE-2015-5600: MaxAuthTries limit bypass via duplicates in
     KbdInteractiveDevices
     - Add debian/patches/CVE-2015-5600-2.patch: initialize struct field
       (Closes: #793616)
   * CVE-2015-6563: Privilege separation weakness in PAM support
     (Closes: #795711)
   * CVE-2015-6564: use-after-free in PAM support
   * CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c in
     ssh-agent allows remote attackers to execute arbitrary local PKCS#11
     modules by leveraging control over a forwarded agent-socket.
   * CVE-2016-10011: Possible local information disclosure by the effects of
     realloc on buffer contents (Closes: #848716)
     - add split-allocation-out-of-sshbuf_reserve.patch, required to
       address the issue.
   * CVE-2016-10012: Lack of bounds check in the shared memory manager that
     could lead to local privilege escalation (Closes: #848717)
   * CVE-2016-10708: privsep process crashing via an out-of-sequence NEWKEYS
     message
   * CVE-2016-1908: mishandling failed cookie generation for untrusted X11
     forwarding
   * CVE-2016-3115: shell-command restrictions bypass via crafted X11
     forwarding data
   * CVE-2016-6515: not limit password lengths for password authentication
     that may be used to DoS via crypt CPU consumption
   * CVE-2017-15906: sftp-server.c flaw at handling zero-length files.