Format: 1.8
Date: Thu, 31 Jan 2019 08:35:48 -0500
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: i386 i386_translations
Version: 1:7.7p1-4ubuntu0.2
Distribution: cosmic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Changes:
 openssh (1:7.7p1-4ubuntu0.2) cosmic-security; urgency=medium
 .
   * SECURITY UPDATE: access restrictions bypass in scp
     - debian/patches/CVE-2018-20685.patch: disallow empty filenames or ones
       that refer to the current directory in scp.c.
     - CVE-2018-20685
   * SECURITY UPDATE: scp client spoofing via object name
     - debian/patches/CVE-2019-6109.patch: make sure the filenames match the
       wildcard specified by the user, and add new flag to relax the new
       restrictions in scp.c, scp.1.
     - CVE-2019-6109
   * SECURITY UPDATE: scp client missing received object name validation
     - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
       snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c,
       sftp-client.c.
     - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
       progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
     - CVE-2019-6111
Original-Maintainer: Debian OpenSSH Maintainers