-
openssh (1:6.6p1-2ubuntu2.13) trusty-security; urgency=medium
* SECURITY UPDATE: Incomplete fix for CVE-2019-6111
- debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
openbsd-compat/reallocarray.c.
- debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
check in scp.c.
- CVE-2019-6111
* Fixed inverted CVE numbers in patch filenames and in previous
changelog.
-- Marc Deslauriers <email address hidden> Mon, 04 Mar 2019 07:52:28 -0500
-
openssh (1:6.6p1-2ubuntu2.12) trusty-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass in scp
- debian/patches/CVE-2018-20685.patch: disallow empty filenames
or ones that refer to the current directory in scp.c.
- CVE-2018-20685
* SECURITY UPDATE: scp client spoofing via object name
- debian/patches/CVE-2019-6109.patch: make sure the filenames match
the wildcard specified by the user, and add new flag to relax the new
restrictions in scp.c, scp.1.
- CVE-2019-6109
* SECURITY UPDATE: scp client missing received object name validation
- debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
- debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
newer OpenSSH.
- debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
scp.c, sftp-client.c.
- debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
- CVE-2019-6111
-- Marc Deslauriers <email address hidden> Thu, 31 Jan 2019 11:18:29 -0500
-
openssh (1:6.6p1-2ubuntu2.11) trusty-security; urgency=medium
* SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
- debian/patches/CVE-2018-15473.patch: delay bailout for invalid
authenticating user until after the packet containing the request
has been fully parsed.
- CVE-2018-15473
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: Privsep process crashing via an out-of-sequence
- debian/patches/CVE-2016-10708.patch: fix in kex.c,
pack.c.
- CVE-2016-10708
-- Ryan Finnie <email address hidden> Sat, 13 Oct 2018 23:31:08 +0000
-
openssh (1:6.6p1-2ubuntu2.10) trusty-security; urgency=medium
* SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
- debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
which ssh-agent will load a PKCS#11 module in ssh-agent.1,
ssh-agent.c.
- debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
in ssh-agent.c.
- debian/patches/CVE-2016-10009-3.patch: relax whitelist in
ssh-agent.c.
- debian/patches/CVE-2016-10009-4.patch: add missing label in
ssh-agent.c.
- CVE-2016-10009
* SECURITY UPDATE: local information disclosure via effects of realloc on
buffer contents
- debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
loading keys in authfile.c.
- CVE-2016-10011
* SECURITY UPDATE: local privilege escalation via incorrect bounds check
in shared memory manager
- debian/patches/CVE-2016-10012-1-2.patch: remove support for
pre-authentication compression in kex.c, kex.h, Makefile.in,
monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h,
packet.c, servconf.c, sshd.c, sshd_config.5.
- debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
bits in kex.c, kex.h, packet.c.
- CVE-2016-10012
* SECURITY UPDATE: DoS via zero-length file creation in readonly mode
- debian/patches/CVE-2017-15906.patch: disallow creation of empty files
in sftp-server.c.
- CVE-2017-15906
-- Marc Deslauriers <email address hidden> Mon, 15 Jan 2018 11:28:55 -0500
-
openssh (1:6.6p1-2ubuntu2.8) trusty-security; urgency=medium
* SECURITY UPDATE: user enumeration via covert timing channel
- debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
- debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
users PAM logins in auth-pam.c.
- debian/patches/CVE-2016-6210-3.patch: search users for one with a
valid salt in openbsd-compat/xcrypt.c.
- CVE-2016-6210
* SECURITY UPDATE: denial of service via long passwords
- debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
length in auth-passwd.c.
- CVE-2016-6515
-- Marc Deslauriers <email address hidden> Thu, 11 Aug 2016 08:43:06 -0400
-
openssh (1:6.6p1-2ubuntu2.7) trusty-security; urgency=medium
* SECURITY UPDATE: privilege escalation via environment files when
UseLogin is configured
- debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
UseLogin is enabled in session.c.
- CVE-2015-8325
* SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
- debian/patches/CVE-2016-1908-1.patch: use stack memory in
clientloop.c.
- debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
clientloop.c, clientloop.h, mux.c, ssh.c.
- CVE-2016-1908
* SECURITY UPDATE: shell-command restrictions bypass via crafted X11
forwarding data
- debian/patches/CVE-2016-3115.patch: sanitise characters destined for
xauth in session.c.
- CVE-2016-3115
-- Marc Deslauriers <email address hidden> Thu, 05 May 2016 08:29:07 -0400
-
openssh (1:6.6p1-2ubuntu2.6) trusty; urgency=medium
* debian/control, debian/rules: enable libaudit support. (LP: #1478087)
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 26 Jan 2016 10:38:35 -0500
-
openssh (1:6.6p1-2ubuntu2.5) trusty-proposed; urgency=medium
* Backport upstream reporting of max auth attempts, so that fail2ban
and similar tools can learn the IP address of brute forcers.
(LP: #1534340)
- debian/patches/report-max-auth.patch
-- Kees Cook <email address hidden> Thu, 14 Jan 2016 13:56:03 -0800
-
openssh (1:6.6p1-2ubuntu2.4) trusty-security; urgency=medium
* SECURITY UPDATE: information leak and overflow in roaming support
- debian/patches/CVE-2016-077x.patch: completely disable roaming option
in readconf.c.
- CVE-2016-0777
- CVE-2016-0778
-- Marc Deslauriers <email address hidden> Wed, 13 Jan 2016 10:48:19 -0500
-
openssh (1:6.6p1-2ubuntu2.3) trusty-security; urgency=medium
* SECURITY REGRESSION: random auth failures because of uninitialized
struct field (LP: #1485719)
- debian/patches/CVE-2015-5600-2.patch:
-- Marc Deslauriers <email address hidden> Mon, 17 Aug 2015 21:52:52 -0400
-
openssh (1:6.6p1-2ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: possible user impersonation via PAM support
- debian/patches/pam-security-1.patch: don't resend username to PAM in
monitor.c, monitor_wrap.c.
- CVE number pending
* SECURITY UPDATE: use-after-free in PAM support
- debian/patches/pam-security-2.patch: fix use after free in monitor.c.
- CVE number pending
* SECURITY UPDATE:
- debian/patches/CVE-2015-5600.patch: only query each
keyboard-interactive device once per authentication request in
auth2-chall.c.
- CVE-2015-5600
* SECURITY UPDATE: X connections access restriction bypass
- debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
connections attempted after ForwardX11Timeout expires in channels.c,
channels.h, clientloop.c.
- CVE-2015-5352
-- Marc Deslauriers <email address hidden> Fri, 14 Aug 2015 07:31:00 -0400
-
openssh (1:6.6p1-2ubuntu2) trusty; urgency=medium
* Apply upstream-recommended patch to fix bignum encoding for
<email address hidden>, fixing occasional key exchange failures
(LP: #1310781).
* Force ssh-agent Upstart job to use sh syntax regardless of the user's
shell (thanks, Steffen Stempel; LP: #1312928).
-- Colin Watson <email address hidden> Fri, 02 May 2014 09:42:23 +0100
-
openssh (1:6.6p1-2ubuntu1) trusty; urgency=medium
* Upload from Debian git repository to fix a release-critical bug.
* Debconf translations:
- French (thanks, Étienne Gilli; closes: #743242).
* Never signal the service supervisor with SIGSTOP more than once, to
prevent a hang on re-exec (thanks, Robie Basak; LP: #1306877).
-- Colin Watson <email address hidden> Mon, 14 Apr 2014 12:20:48 +0100
-
openssh (1:6.6p1-2) unstable; urgency=medium
* If no root password is set, then switch to "PermitRootLogin
without-password" without asking (LP: #1300127).
-- Colin Watson <email address hidden> Mon, 31 Mar 2014 12:20:46 +0100
-
openssh (1:6.6p1-1) unstable; urgency=medium
[ Colin Watson ]
* Apply various warning-suppression and regression-test fixes to
gssapi.patch from Damien Miller.
* New upstream release (http://www.openssh.com/txt/release-6.6,
LP: #1298280):
- CVE-2014-2532: sshd(8): when using environment passing with an
sshd_config(5) AcceptEnv pattern with a wildcard, OpenSSH prior to 6.6
could be tricked into accepting any environment variable that contains
the characters before the wildcard character.
* Re-enable btmp logging, as its permissions were fixed a long time ago in
response to #370050 (closes: #341883).
* Change to "PermitRootLogin without-password" for new installations, and
ask a debconf question when upgrading systems with "PermitRootLogin yes"
from previous versions (closes: #298138).
* Debconf translations:
- Danish (thanks, Joe Hansen).
- Portuguese (thanks, Américo Monteiro).
- Russian (thanks, Yuri Kozlov; closes: #742308).
- Swedish (thanks, Andreas Rönnquist).
- Japanese (thanks, victory).
- German (thanks, Stephan Beck; closes: #742541).
- Italian (thanks, Beatrice Torracca).
* Don't start ssh-agent from the Upstart user session job if something
like Xsession has already done so (based on work by Bruno Vasselle;
LP: #1244736).
[ Matthew Vernon ]
* CVE-2014-2653: Fix failure to check SSHFP records if server presents a
certificate (bug reported by me, patch by upstream's Damien Miller;
thanks also to Mark Wooding for his help in fixing this) (Closes:
#742513)
-- Colin Watson <email address hidden> Fri, 28 Mar 2014 18:04:41 +0000
-
openssh (1:6.5p1-6) unstable; urgency=medium
* Fix Breaks/Replaces versions of openssh-sftp-server on openssh-server
(thanks, Axel Beckert).
-- Colin Watson <email address hidden> Thu, 06 Mar 2014 16:18:44 +0000
-
openssh (1:6.5p1-4) unstable; urgency=medium
* Configure --without-hardening on hppa, to work around
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
* Amend "Running sshd from inittab" instructions in README.Debian to
recommend 'update-rc.d ssh disable', rather than manual removal of rc*.d
symlinks that won't work with dependency-based sysv-rc.
* Remove code related to non-dependency-based sysv-rc ordering, since that
is no longer supported.
* Apply patch from https://bugzilla.mindrot.org/show_bug.cgi?id=2200 to
fix getsockname errors when using "ssh -W" (closes: #738693).
-- Colin Watson <email address hidden> Sat, 15 Feb 2014 02:19:36 +0000
-
openssh (1:6.5p1-3) unstable; urgency=medium
* Clarify socket activation mode in README.Debian, as suggested by Uoti
Urpala.
* Stop claiming that "Protocol 2" is a Debian-specific default; this has
been upstream's default since 5.4p1.
* Avoid stdout noise from which(1) on purge of openssh-client.
* Fix sysvinit->systemd transition code to cope with still-running
sysvinit jobs being considered active by systemd (thanks, Uoti Urpala
and Michael Biebl).
* Bump guard version for sysvinit->systemd transition to 1:6.5p1-3; we may
have got it wrong before, and it's fairly harmless to repeat it.
* Remove tests for whether /dev/null is a character device from the
Upstart job and the systemd service files; it's there to avoid a
confusing failure mode in daemon(), but with modern init systems we use
the -D option to suppress daemonisation anyway.
* Refer to /usr/share/common-licenses/GPL-2 in debian/copyright (for the
Debian patch) rather than plain GPL.
* Drop some very old Conflicts and Replaces (ssh (<< 1:3.8.1p1-9),
rsh-client (<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-nonfree (<< 2),
and openssh-client (<< 1:3.8.1p1-11)). These all relate to pre-etch
versions, for which we no longer have maintainer script code, and per
policy they would have to become Breaks nowadays anyway.
* Policy version 3.9.5.
* Drop unnecessary -1 in zlib1g Build-Depends version.
* Tweak dh_systemd_enable invocations to avoid lots of error noise.
-- Colin Watson <email address hidden> Wed, 12 Feb 2014 13:10:08 +0000
-
openssh (1:6.5p1-2) unstable; urgency=medium
* Only enable ssh.service for systemd, not both ssh.service and
ssh.socket. Thanks to Michael Biebl for spotting this.
* Backport upstream patch to unbreak case-sensitive matching of ssh_config
(closes: #738619).
-- Colin Watson <email address hidden> Tue, 11 Feb 2014 11:28:35 +0000
-
openssh (1:6.5p1-1) unstable; urgency=medium
* New upstream release (http://www.openssh.com/txt/release-6.5,
LP: #1275068):
- ssh(1): Add support for client-side hostname canonicalisation using a
set of DNS suffixes and rules in ssh_config(5). This allows
unqualified names to be canonicalised to fully-qualified domain names
to eliminate ambiguity when looking up keys in known_hosts or checking
host certificate names (closes: #115286).
* Switch to git; adjust Vcs-* fields.
* Convert to git-dpm, and drop source package documentation associated
with the old bzr/quilt patch handling workflow.
* Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code,
leaving only basic configuration file compatibility, since it has been
nearly six years since the original vulnerability and this code is not
likely to be of much value any more (closes: #481853, #570651). See
https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full
reasoning.
* Add OpenPGP signature checking configuration to watch file (thanks,
Daniel Kahn Gillmor; closes: #732441).
* Add the pam_keyinit session module, to create a new session keyring on
login (closes: #734816).
* Incorporate default path changes from shadow 1:4.0.18.1-8, removing
/usr/bin/X11 (closes: #644521).
* Generate ED25519 host keys on fresh installations. Upgraders who wish
to add such host keys should manually add 'HostKey
/etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run
'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
* Drop long-obsolete "SSH now uses protocol 2 by default" section from
README.Debian.
* Add systemd support (thanks, Sven Joachim; closes: #676830).
-- Colin Watson <email address hidden> Mon, 10 Feb 2014 14:58:26 +0000
-
openssh (1:6.4p1-2) unstable; urgency=high
* Increase ServerKeyBits value in package-generated sshd_config to 1024
(closes: #727622, LP: #1244272).
* Restore patch to disable OpenSSL version check (closes: #732940).
-- Colin Watson <email address hidden> Mon, 23 Dec 2013 10:44:04 +0000
-
openssh (1:6.4p1-1) unstable; urgency=high
* New upstream release. Important changes:
- 6.3/6.3p1 (http://www.openssh.com/txt/release-6.3):
+ sftp(1): add support for resuming partial downloads using the
"reget" command and on the sftp commandline or on the "get"
commandline using the "-a" (append) option (closes: #158590).
+ ssh(1): add an "IgnoreUnknown" configuration option to selectively
suppress errors arising from unknown configuration directives
(closes: #436052).
+ sftp(1): update progressmeter when data is acknowledged, not when
it's sent (partially addresses #708372).
+ ssh(1): do not fatally exit when attempting to cleanup multiplexing-
created channels that are incompletely opened (closes: #651357).
- 6.4/6.4p1 (http://www.openssh.com/txt/release-6.4):
+ CVE-2013-4548: sshd(8): fix a memory corruption problem triggered
during rekeying when an AES-GCM cipher is selected (closes:
#729029). Full details of the vulnerability are available at:
http://www.openssh.com/txt/gcmrekey.adv
* When running under Upstart, only consider the daemon started once it is
ready to accept connections (by raising SIGSTOP at that point and using
"expect stop").
-- Colin Watson <email address hidden> Sat, 09 Nov 2013 18:24:16 +0000
-
openssh (1:6.2p2-6ubuntu1) trusty; urgency=low
* SECURITY UPDATE: code execution via memory corruption when using an
AES-GCM cipher
- debian/patches/CVE-2013-4548.patch: properly initialize MAC context
in monitor_wrap.c.
- CVE-2013-4548
-- Marc Deslauriers <email address hidden> Fri, 08 Nov 2013 07:51:18 -0500
-
openssh (1:6.2p2-6) unstable; urgency=low
* Update config.guess and config.sub automatically at build time.
dh_autoreconf does not take care of that by default because openssh does
not use automake.
-- Colin Watson <email address hidden> Tue, 02 Jul 2013 22:54:49 +0100