[ubuntu/noble-security] openssh 1:9.6p1-3ubuntu13.15 (Accepted)

[Marc Deslauriers]

openssh (1:9.6p1-3ubuntu13.15) noble-security; urgency=medium

  * SECURITY UPDATE: GSSAPI Key Exchange issue
    - debian/patches/gssapi.patch: replace incorrect use of
      sshpkt_disconnect() with ssh_packet_disconnect() and properly
      initialize some vars.
    - CVE-2026-3497
  * SECURITY UPDATE: Untrusted control characters in usernames
    - debian/patches/CVE-2025-61984.patch: refuse usernames that include
      control characters in ssh.c.
    - CVE-2025-61984
  * SECURITY UPDATE: Code execution in ProxyCommand via NULL character
    - debian/patches/CVE-2025-61985.patch: don't allow \0 characters in
      url-encoded strings in misc.c.
    - CVE-2025-61985

openssh (1:9.6p1-3ubuntu13.14) noble; urgency=medium

  * d/p/systemd-socket-activation.patch: allow AF_VSOCK sockets (LP: #2111226)

openssh (1:9.6p1-3ubuntu13.13) noble; urgency=medium

  * Explicitly listen on IPv4 by default, with socket-activated sshd
    (LP: #2080216)
    - d/systemd/ssh.socket: explicitly listen on ipv4 by default
    - d/t/sshd-socket-generator: update for new defaults and AddressFamily
    - sshd-socket-generator: handle new ssh.socket default settings

openssh (1:9.6p1-3ubuntu13.12) noble; urgency=medium

  * d/p/sshd-socket-generator.patch: add note to sshd_config
    Explain that a systemctl daemon-reload is needed for changes
    to Port et al to take effect.
    (LP: #2069041)

Date: 2026-03-04 19:42:17.514833+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssh/1:9.6p1-3ubuntu13.15
-------------- next part --------------
Sorry, changesfile not available.