[ubuntu/mantic-proposed] openssh 1:9.3p1-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Jul 24 19:42:18 UTC 2023
openssh (1:9.3p1-1ubuntu2) mantic; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
      FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408
Date: Mon, 24 Jul 2023 15:01:06 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssh/1:9.3p1-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 24 Jul 2023 15:01:06 -0400
Source: openssh
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.3p1-1ubuntu2
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 openssh (1:9.3p1-1ubuntu2) mantic; urgency=medium
 .
   * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
     - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
       to load a PKCS#11 provider that isn't a PKCS#11 provider in
       ssh-pkcs11.c.
     - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
       FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
     - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
       contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
     - CVE-2023-38408
Checksums-Sha1:
3a66b4032b62deda5e3598d33abebab3f482fbe3 3313 openssh_9.3p1-1ubuntu2.dsc
0b4de369c3c528c970c3975891da7eb1ea3d0dfb 191876 openssh_9.3p1-1ubuntu2.debian.tar.xz
875b2ea95ac1b25107d7c11febb5418ea99dfa88 15781 openssh_9.3p1-1ubuntu2_source.buildinfo
Checksums-Sha256:
2f0c0d8af3ee4052c43d06eca6a0b21a748d5f9eb7a43ee4948272e44390ef8a 3313 openssh_9.3p1-1ubuntu2.dsc
fe277bfdfc2665e8153d3e1719e534e8c3735695e24938351b81d50cc4d870c1 191876 openssh_9.3p1-1ubuntu2.debian.tar.xz
8b7af009c76376a5fdfba5590a3b79785cf9e6cdfd90927835249f22d18b0513 15781 openssh_9.3p1-1ubuntu2_source.buildinfo
Files:
1ebb06d45437b8307dee09f98952da89 3313 net standard openssh_9.3p1-1ubuntu2.dsc
df6939e2e25f5e0e0ea3a444bcd54602 191876 net standard openssh_9.3p1-1ubuntu2.debian.tar.xz
b699d4da1e3ff9c52bddcc4d9f7c1415 15781 net standard openssh_9.3p1-1ubuntu2_source.buildinfo
Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh at lists.debian.org>