Format: 1.8 Date: Thu, 31 Jan 2019 08:58:34 -0500 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: arm64 arm64_translations Version: 1:7.6p1-4ubuntu0.2 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Changes: openssh (1:7.6p1-4ubuntu0.2) bionic-security; urgency=medium . * SECURITY UPDATE: access restrictions bypass in scp - debian/patches/CVE-2018-20685.patch: disallow empty filenames or ones that refer to the current directory in scp.c. - CVE-2018-20685 * SECURITY UPDATE: scp client spoofing via object name - debian/patches/CVE-2019-6109.patch: make sure the filenames match the wildcard specified by the user, and add new flag to relax the new restrictions in scp.c, scp.1. - CVE-2019-6109 * SECURITY UPDATE: scp client missing received object name validation - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - CVE-2019-6111 Checksums-Sha1: d2db36ca31266760f76ffa78a1de65a279760565 3159148 openssh-client-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb 36b01f5f44e004f7d91c8a95e3e0d9ffcedfa02b 241568 openssh-client-udeb_7.6p1-4ubuntu0.2_arm64.udeb 22914056a99519e7986c114bd127f19f8314cad1 526176 openssh-client_7.6p1-4ubuntu0.2_arm64.deb 99b4c199cb8ffe06c7997e880dba339f85c8da90 910732 openssh-server-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb aaf779248c7d5c125b7336734306698b8e02107d 245144 openssh-server-udeb_7.6p1-4ubuntu0.2_arm64.udeb dabc79c2fe01565bd04dc5c4cdd9b7b04c5c9765 290884 openssh-server_7.6p1-4ubuntu0.2_arm64.deb 9fa9aefd68ba0fdbf29309ac59004957fccddc56 128712 openssh-sftp-server-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb 0dacfee20bbf6c4cd80bb9d5a1ba26e27b18c0fd 38900 openssh-sftp-server_7.6p1-4ubuntu0.2_arm64.deb f163d4e25a943cd3da077eb6f11ea9a4508607bf 16927 openssh_7.6p1-4ubuntu0.2_arm64.buildinfo cfee5fe711fe3bd5a9f96d17136c7467f05e365a 8507 openssh_7.6p1-4ubuntu0.2_arm64_translations.tar.gz e9aa682f3e1a6625b27485f9dffe533613b8f052 11956 ssh-askpass-gnome-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb 8735c6b11c4a88e5ad94ccee0c3593ce3411e029 16804 ssh-askpass-gnome_7.6p1-4ubuntu0.2_arm64.deb Checksums-Sha256: 30ee91a8741b9c8e2e82493d14348c2de035d86d861144cf6fae61556a1c258c 3159148 openssh-client-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb 5af7e660b1d3dbd3b151fded60cc839891fd0139505a1a58256f1c7f9e9dbd86 241568 openssh-client-udeb_7.6p1-4ubuntu0.2_arm64.udeb 99b7ca68fdbef9be62e1f8265bd4c14281e57a25daf9ff77c2e370da527eedb0 526176 openssh-client_7.6p1-4ubuntu0.2_arm64.deb aa4123f1fd1b3e32973ae1fb0ef028e03281937e815f9f84b0ca748df68f401b 910732 openssh-server-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb 27fcf29dc1d31c9554baa80904024cdf2e0a299aedaf21cc9b3b333916f90e10 245144 openssh-server-udeb_7.6p1-4ubuntu0.2_arm64.udeb 2f4c1a62f4cc8697dc8d45c3a59940ea6166114717180a341f716e267f416035 290884 openssh-server_7.6p1-4ubuntu0.2_arm64.deb 1686256206eeeef9d612933e3ecb2bd0d39d40d6fc177aec3df6ba6ea22214dd 128712 openssh-sftp-server-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb f66c0eb1de024808f3dd2ac6afd102a042419701fa5ae902c09f0a2436338365 38900 openssh-sftp-server_7.6p1-4ubuntu0.2_arm64.deb a9a2c1620bf5b763620127cae14d5232a859bd1bc2f51da9e838312cccc83382 16927 openssh_7.6p1-4ubuntu0.2_arm64.buildinfo f975326f5a3e5a06f1ee6ebf0527bd153d023775bcd8e61251e38f413b30f32d 8507 openssh_7.6p1-4ubuntu0.2_arm64_translations.tar.gz f9cf2386de3053b75f2d46805251ae82b44f86a035b49bc3f5579bac4d7dc6d7 11956 ssh-askpass-gnome-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb c907db68cf69d019e8ea6360da2b3e7b09820a86eb4b7e557219db77c55501a2 16804 ssh-askpass-gnome_7.6p1-4ubuntu0.2_arm64.deb Files: 2e18066f4831a612b1a2c8eba330aae5 3159148 debug optional openssh-client-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb fdd6f28e0334d0d77b86c3aff8ec62ff 241568 debian-installer optional openssh-client-udeb_7.6p1-4ubuntu0.2_arm64.udeb 3dd9c0565aaa029ddea17f145d060d82 526176 net standard openssh-client_7.6p1-4ubuntu0.2_arm64.deb cba9199b3f0ffbc5b66dbbe6cabcf970 910732 debug optional openssh-server-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb 15cd178edf3559a989aa9f6e9aee766c 245144 debian-installer optional openssh-server-udeb_7.6p1-4ubuntu0.2_arm64.udeb d486bffd66f031b347b253378322c182 290884 net optional openssh-server_7.6p1-4ubuntu0.2_arm64.deb 20071b6b37ad3448a4b8fb499c16d4f2 128712 debug optional openssh-sftp-server-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb e6c071c61e577a6cf741fb1a4ca7d577 38900 net optional openssh-sftp-server_7.6p1-4ubuntu0.2_arm64.deb 3643730dccdff582159ebeafeddb03e0 16927 net standard openssh_7.6p1-4ubuntu0.2_arm64.buildinfo 18e9d9b5d9f7908637bb6db0fcd7ceb4 8507 raw-translations - openssh_7.6p1-4ubuntu0.2_arm64_translations.tar.gz be1b863c7a82dcf9cfa29dfc4fb02c49 11956 debug optional ssh-askpass-gnome-dbgsym_7.6p1-4ubuntu0.2_arm64.ddeb 91848754f3aaa3bb14261134812e2805 16804 gnome optional ssh-askpass-gnome_7.6p1-4ubuntu0.2_arm64.deb Original-Maintainer: Debian OpenSSH Maintainers