
Accepted openssh 1:6.7p1-5+deb8u6 (source amd64 all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Aug 2018 12:01:36 +0200
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u6
Distribution: jessie-security
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 790798 793616 795711 848716 848717
Changes:
 openssh (1:6.7p1-5+deb8u6) jessie-security; urgency=medium
 .
   * Fix CVE-2015-5352: Reject X11 connections after hard-coded Xauth cookie
     expiration time of 1200 seconds.
     (Closes: #790798)
   * CVE-2015-5600: MaxAuthTries limit bypass via duplicates in
     KbdInteractiveDevices
     - Add debian/patches/CVE-2015-5600-2.patch: initialize struct field
     (Closes: #793616)
   * CVE-2015-6563: Privilege separation weakness in PAM support
     (Closes: #795711)
   * CVE-2015-6564: use-after-free in PAM support
   * CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c in
     ssh-agent allows remote attackers to execute arbitrary local PKCS#11
     modules by leveraging control over a forwarded agent-socket.
   * CVE-2016-10011: Possible local information disclosure by the effects of
     realloc on buffer contents
     (Closes: #848716)
     - add split-allocation-out-of-sshbuf_reserve.patch, required to address
       the issue.
   * CVE-2016-10012: Lack of bounds check in the shared memory manager that
     could lead to local privilege escalation
     (Closes: #848717)
   * CVE-2016-10708: privsep process crashing via an out-of-sequence
     NEWKEYS message
   * CVE-2016-1908: mishandling failed cookie generation for untrusted X11
     forwarding
   * CVE-2016-3115: shell-command restrictions bypass via crafted X11
     forwarding data
   * CVE-2016-6515: does not limit password lengths for password
     authentication, which may be used to DoS via crypt CPU consumption
   * CVE-2017-15906: sftp-server.c flaw at handling zero-length files.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----