openssh 1:9.3p1-1ubuntu2 source package in Ubuntu

Changelog

openssh (1:9.3p1-1ubuntu2) mantic; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
      FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408

 -- Marc Deslauriers <email address hidden>  Mon, 24 Jul 2023 15:01:06 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Mantic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssh_9.3p1.orig.tar.gz 1.8 MiB e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8
openssh_9.3p1.orig.tar.gz.asc 833 bytes 6d96d2ff60d8d3545f0fa1709cb4c273d9a2fe086afa90f70951cffc01c8fa68
openssh_9.3p1-1ubuntu2.debian.tar.xz 187.4 KiB fe277bfdfc2665e8153d3e1719e534e8c3735695e24938351b81d50cc4d870c1
openssh_9.3p1-1ubuntu2.dsc 3.2 KiB 2f0c0d8af3ee4052c43d06eca6a0b21a748d5f9eb7a43ee4948272e44390ef8a

View changes file

Binary packages built by this source

openssh-client: secure shell (SSH) client, for secure access to remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the ssh, scp and sftp clients, the ssh-agent
 and ssh-add programs to make public key authentication more convenient,
 and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 ssh replaces the insecure rsh, rcp and rlogin programs, which are
 obsolete for most purposes.

openssh-client-dbgsym: debug symbols for openssh-client
openssh-server: secure shell (SSH) server, for secure access from remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the sshd server.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 sshd replaces the insecure rshd program, which is obsolete for most
 purposes.

openssh-server-dbgsym: debug symbols for openssh-server
openssh-sftp-server: secure shell (SSH) sftp server module, for SFTP access from remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the SFTP server module for the SSH server. It
 is needed if you want to access your SSH server with SFTP. The SFTP
 server module also works with other SSH daemons like dropbear.
 .
 OpenSSH's sftp and sftp-server implement revision 3 of the SSH filexfer
 protocol described in:
 .
  http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
 .
 Newer versions of the draft will not be supported, though some features
 are individually implemented as extensions.

openssh-sftp-server-dbgsym: debug symbols for openssh-sftp-server
openssh-tests: OpenSSH regression tests

 This package provides OpenSSH's regression test suite. It is mainly
 intended for use with the autopkgtest system, though can also be run
 directly using /usr/lib/openssh/regress/run-tests.

openssh-tests-dbgsym: debug symbols for openssh-tests
ssh: secure shell client and server (metapackage)

 This metapackage is a convenient way to install both the OpenSSH client
 and the OpenSSH server. It provides nothing in and of itself, so you
 may remove it if nothing depends on it.

ssh-askpass-gnome: interactive X program to prompt users for a passphrase for ssh-add

 This has been split out of the main openssh-client package so that
 openssh-client does not need to depend on GTK+.
 .
 You probably want the ssh-askpass package instead, but this is
 provided to add to your choice and/or confusion.

ssh-askpass-gnome-dbgsym: debug symbols for ssh-askpass-gnome