[ubuntu/wily-proposed] openssh 1:6.7p1-6ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Aug 14 15:07:14 UTC 2015


openssh (1:6.7p1-6ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: possible user impersonation via PAM support
    - debian/patches/pam-security-1.patch: don't resend username to PAM in
      monitor.c, monitor_wrap.c.
    - CVE number pending
  * SECURITY UPDATE: use-after-free in PAM support
    - debian/patches/pam-security-2.patch: fix use after free in monitor.c.
    - CVE number pending
  * SECURITY UPDATE: brute-force attack with KbdInteractiveAuthentication
    - debian/patches/CVE-2015-5600.patch: only query each
      keyboard-interactive device once per authentication request in
      auth2-chall.c.
    - CVE-2015-5600
  * SECURITY UPDATE: X connections access restriction bypass
    - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
      connections attempted after ForwardX11Timeout expires in channels.c,
      channels.h, clientloop.c.
    - CVE-2015-5352

Date: Fri, 14 Aug 2015 10:48:13 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-6ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Aug 2015 10:48:13 -0400
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:6.7p1-6ubuntu1
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Checksums-Sha1:
 81718c0bf6b42b1cb1f2f096e85ae5bc9b436795 2788 openssh_6.7p1-6ubuntu1.dsc
 0c63d2e3a92848d1091d57a1fa6c56c8b887122c 150392 openssh_6.7p1-6ubuntu1.debian.tar.xz
Checksums-Sha256:
 8d4c7af034d9c07a084e985470b5c8519219d7d6dc3ce5fd0c15e1fd4cfccc8f 2788 openssh_6.7p1-6ubuntu1.dsc
 7ddc144c827e25e87e1ce82d55ba7b665a89a87a602d30544ef94c5fcb270dd6 150392 openssh_6.7p1-6ubuntu1.debian.tar.xz
Files:
 855694079ed76df67a52f3e33c7ec9ed 2788 net standard openssh_6.7p1-6ubuntu1.dsc
 6de105c2efbcebf5e8768b3d2d499370 150392 net standard openssh_6.7p1-6ubuntu1.debian.tar.xz
Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh at lists.debian.org>
