Format: 1.8 Date: Thu, 31 Jan 2019 08:58:34 -0500 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: ppc64el ppc64el_translations Version: 1:7.6p1-4ubuntu0.2 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Changes: openssh (1:7.6p1-4ubuntu0.2) bionic-security; urgency=medium . * SECURITY UPDATE: access restrictions bypass in scp - debian/patches/CVE-2018-20685.patch: disallow empty filenames or ones that refer to the current directory in scp.c. - CVE-2018-20685 * SECURITY UPDATE: scp client spoofing via object name - debian/patches/CVE-2019-6109.patch: make sure the filenames match the wildcard specified by the user, and add new flag to relax the new restrictions in scp.c, scp.1. - CVE-2019-6109 * SECURITY UPDATE: scp client missing received object name validation - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via snmprintf in atomicio.c, progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in progressmeter.c, progressmeter.h, scp.c, sftp-client.c. - CVE-2019-6111 Checksums-Sha1: 1f1948d13933345e5d142ff8d825a3df2711b34d 3685308 openssh-client-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 07cf6a94e3e9514f333c406f5a1a7b90fec488cd 254056 openssh-client-udeb_7.6p1-4ubuntu0.2_ppc64el.udeb f0d65c116f675ad87e13ef40f2413a9461c258bf 645472 openssh-client_7.6p1-4ubuntu0.2_ppc64el.deb 17e08c06a68e6651d9dd5c229c3bcfc94116664c 1045720 openssh-server-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb ffb496724c40bd5d0c06667c6f6ed54ca1f03ed0 258392 openssh-server-udeb_7.6p1-4ubuntu0.2_ppc64el.udeb 01cfaaf227e5cf26e4c50e1803a8fd3bd8b9eeb0 375988 openssh-server_7.6p1-4ubuntu0.2_ppc64el.deb 1682a0807ec73105ae66acfa14744d6583d25ac9 148676 openssh-sftp-server-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 80e4002d114882b493daf9fced8d5ee01b880c0d 49972 openssh-sftp-server_7.6p1-4ubuntu0.2_ppc64el.deb f82d2c0eeb35bbdd056ba89d75279b225d6fd26d 16942 openssh_7.6p1-4ubuntu0.2_ppc64el.buildinfo 8f2f1ad7e0a65a5726810423fc64f8e943ceb353 8457 openssh_7.6p1-4ubuntu0.2_ppc64el_translations.tar.gz ceab306de8fac682f39888c64b3a472ee33a48b3 11980 ssh-askpass-gnome-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 03599d0ef5075c632503fb1922f65575756832f5 17188 ssh-askpass-gnome_7.6p1-4ubuntu0.2_ppc64el.deb Checksums-Sha256: 688b48e15d7613094eee54f8e4a2cb971cf68e3c0b9a1a686075624472c9e4f8 3685308 openssh-client-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 15a7b7d42934561bfe8dfbc544b7d247db29ab3b7be8ab1df2e49a2b4d660f71 254056 openssh-client-udeb_7.6p1-4ubuntu0.2_ppc64el.udeb b17bc46e39413e3054d202bbaa198465c34bdd95ebdf95a549c217a8be30d833 645472 openssh-client_7.6p1-4ubuntu0.2_ppc64el.deb d7f42806f4f20844030b46f584a75a1c5ebe4ebf6cfaefdc03ce60f031a64756 1045720 openssh-server-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 65767d5eb9a71992afce92f93d601c3f6d94958415bd1d939d34b54f870faf7f 258392 openssh-server-udeb_7.6p1-4ubuntu0.2_ppc64el.udeb 5129520b81a473328cc26bb0e18c2eace47a5c815f0783f4d325810bbc8201eb 375988 openssh-server_7.6p1-4ubuntu0.2_ppc64el.deb 8a672757291c1604adc663b960be6d5cd7f77555e86d23f8b13d596a7dcd418f 148676 openssh-sftp-server-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 2fbcc19ca9a7553f604fd8757e1ce3519d2a479340fd4ee5f1e2cd93af8508e3 49972 openssh-sftp-server_7.6p1-4ubuntu0.2_ppc64el.deb 8e1436a074b8ed8f94b12fee45e6f3e8e5a4f8fc306f75b182cee5a6122a86c7 16942 openssh_7.6p1-4ubuntu0.2_ppc64el.buildinfo 709bb36f692a6a62ddca5b3ca9a466dd3cb0f2a7ee67a9be844a031c03127ecd 8457 openssh_7.6p1-4ubuntu0.2_ppc64el_translations.tar.gz b1945fd99112f0b600b401396a76908b44817a4228b79ac394b8affb47211ae7 11980 ssh-askpass-gnome-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb bec060715d959cc21ee905692eb0341b356f156de89b01948d75de79789b5dd3 17188 ssh-askpass-gnome_7.6p1-4ubuntu0.2_ppc64el.deb Files: 5c66faa735d67a14d9a0c176f901110f 3685308 debug optional openssh-client-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 6a5bafcb6e3fc41d6ff5a49ea5d2b4ea 254056 debian-installer optional openssh-client-udeb_7.6p1-4ubuntu0.2_ppc64el.udeb 55695ab2ae413b140b88c21e8cc66570 645472 net standard openssh-client_7.6p1-4ubuntu0.2_ppc64el.deb 989fef30868ec76b204184e40d1cb1d0 1045720 debug optional openssh-server-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb ae4f875513c01bc3ba62b1f926aa5faa 258392 debian-installer optional openssh-server-udeb_7.6p1-4ubuntu0.2_ppc64el.udeb f2f986f19743b5b6588573e85f0be7b8 375988 net optional openssh-server_7.6p1-4ubuntu0.2_ppc64el.deb 45946ae84240cfbafc2c3088bba7fce9 148676 debug optional openssh-sftp-server-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb 2bc57f2e0e11ec673b10bb12a0b5b577 49972 net optional openssh-sftp-server_7.6p1-4ubuntu0.2_ppc64el.deb ded55213850b6012f71d06ecf6155d05 16942 net standard openssh_7.6p1-4ubuntu0.2_ppc64el.buildinfo 3e04aeb6e3cab5f28e08db829ebc953b 8457 raw-translations - openssh_7.6p1-4ubuntu0.2_ppc64el_translations.tar.gz 441ac116f8fdd6299f12c896651c8805 11980 debug optional ssh-askpass-gnome-dbgsym_7.6p1-4ubuntu0.2_ppc64el.ddeb e0f4d81c76edf17854a21020d0e66699 17188 gnome optional ssh-askpass-gnome_7.6p1-4ubuntu0.2_ppc64el.deb Original-Maintainer: Debian OpenSSH Maintainers