Ubuntu
openssh package

openssh 1:7.7p1-4ubuntu0.2 source package in Ubuntu

Changelog

openssh (1:7.7p1-4ubuntu0.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

 -- Marc Deslauriers <email address hidden>  Thu, 31 Jan 2019 08:35:48 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Cosmic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssh_7.7p1.orig.tar.gz 1.5 MiB d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
openssh_7.7p1-4ubuntu0.2.debian.tar.xz 161.9 KiB adc3d7195a9a46cc1dbfd38e0955d34810f9bc6cdb3a2ee8356b56a80eb51961
openssh_7.7p1-4ubuntu0.2.dsc 2.9 KiB cf65b668459aec988df10b90caecb73ed26038dc89f23a54551d31ad8163aefc

View changes file

Binary packages built by this source

openssh-client: No summary available for openssh-client in ubuntu cosmic.

No description available for openssh-client in ubuntu cosmic.

openssh-client-dbgsym: No summary available for openssh-client-dbgsym in ubuntu cosmic.

No description available for openssh-client-dbgsym in ubuntu cosmic.

openssh-client-udeb: No summary available for openssh-client-udeb in ubuntu cosmic.

No description available for openssh-client-udeb in ubuntu cosmic.

openssh-server: No summary available for openssh-server in ubuntu cosmic.

No description available for openssh-server in ubuntu cosmic.

openssh-server-dbgsym: No summary available for openssh-server-dbgsym in ubuntu cosmic.

No description available for openssh-server-dbgsym in ubuntu cosmic.

openssh-server-udeb: No summary available for openssh-server-udeb in ubuntu cosmic.

No description available for openssh-server-udeb in ubuntu cosmic.

openssh-sftp-server: No summary available for openssh-sftp-server in ubuntu cosmic.

No description available for openssh-sftp-server in ubuntu cosmic.

openssh-sftp-server-dbgsym: No summary available for openssh-sftp-server-dbgsym in ubuntu cosmic.

No description available for openssh-sftp-server-dbgsym in ubuntu cosmic.

ssh: No summary available for ssh in ubuntu cosmic.

No description available for ssh in ubuntu cosmic.

ssh-askpass-gnome: No summary available for ssh-askpass-gnome in ubuntu cosmic.

No description available for ssh-askpass-gnome in ubuntu cosmic.

ssh-askpass-gnome-dbgsym: No summary available for ssh-askpass-gnome-dbgsym in ubuntu cosmic.

No description available for ssh-askpass-gnome-dbgsym in ubuntu cosmic.