Univention Bugzilla – Bug 46619
openssh: Multiple issues (4.3)
Last modified: 2018-05-16 17:04:00 CEST
New Debian openssh 1:7.4p1-10+deb9u3 fixes: This update addresses the following issue: * CVE-2017-15906: In read-only mode, sftp-server was incorrectly permitting creation of zero-length files. CVE-2017-15906 openssh: Improper write operations in readonly mode allow for zero-length file creation
[4.3-0] c9b3873e00 Bug #46619: openssh_1:7.4p1-10+deb9u3
--- mirror/ftp/4.3/unmaintained/4.3-0/source/openssh_7.4p1-10+deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/openssh_7.4p1-10+deb9u3.dsc @@ -1,3 +1,9 @@ +1:7.4p1-10+deb9u3 [Thu, 01 Mar 2018 15:17:53 +0000] Colin Watson <cjwatson@debian.org>: + + * CVE-2017-15906: sftp-server(8): In read-only mode, sftp-server was + incorrectly permitting creation of zero-length files. Reported by Michal + Zalewski. + 1:7.4p1-10+deb9u2 [Sat, 18 Nov 2017 09:37:22 +0000] Colin Watson <cjwatson@debian.org>: * Test configuration before starting or reloading sshd under systemd
* No UCS specific patches * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok
<http://errata.software-univention.de/ucs/4.3/63.html>