Univention Bugzilla – Bug 47778
openssh: Multiple issues (4.2)
Last modified: 2018-09-12 13:19:59 CEST
New Debian openssh 1:6.7p1-5+deb8u6A~4.2.4.201809110916 fixes:

This update addresses the following issues:
* XSECURITY restrictions bypass under certain conditions in ssh(1) (CVE-2015-5352)
* MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (CVE-2015-5600)
* Privilege separation weakness related to PAM support (CVE-2015-6563)
* Use-after-free bug related to PAM support (CVE-2015-6564)
* possible fallback from untrusted to trusted X11 forwarding (CVE-2016-1908)
* missing sanitisation of input for X11 forwarding (CVE-2016-3115)
* Denial of service via very long passwords (CVE-2016-6515)
* loading of untrusted PKCS#11 modules in ssh-agent (CVE-2016-10009)
* Leak of host private key material to privilege-separated child process via realloc() (CVE-2016-10011)
* Bounds check can be evaded in the shared memory manager used by pre-authentication compression support (CVE-2016-10012)
* Out of sequence NEWKEYS message can allow remote attacker to cause denial of service (CVE-2016-10708)
* Improper write operations in readonly mode allow for zero-length file creation (CVE-2017-15906)
--- mirror/ftp/4.2/unmaintained/component/4.2-4-errata/source/openssh_6.7p1-5+deb8u5A~4.2.4.201808221019.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/openssh_6.7p1-5+deb8u6.dsc 
@@ -1,9 +1,35 @@ -1:6.7p1-5+deb8u5A~4.2.4.201808221019 [Wed, 22 Aug 2018 10:19:17 +0200] Univention builddaemon <buildd@univention.de>: +1:6.7p1-5+deb8u6 [Wed, 29 Aug 2018 12:01:36 +0200] Santiago Ruano Rincón <santiagorr@riseup.net>: - * UCS auto build. The following patches have been applied to the original source package - CVE-2015-5352 - CVE-2015-5600-1 - CVE-2015-5600-2 + * Fix CVE-2015-5352: Reject X11 connections after hard-coded Xauth cookie + expiration time of 1200 seconds. + (Closes: #790798) + * CVE-2015-5600: MaxAuthTries limit bypass via duplicates in + KbdInteractiveDevices + - Add debian/patches/CVE-2015-5600-2.patch: initialize struct field + (Closes: #793616) + * CVE-2015-6563: Privilege separation weakness in PAM support + (Closes: #795711) + * CVE-2015-6564: use-after-free in PAM support + * CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c in + ssh-agent allows remote attackers to execute arbitrary local PKCS#11 + modules by leveraging control over a forwarded agent-socket. + * CVE-2016-10011: Possible local information disclosure by the effects of + realloc on buffer contents + (Closes: #848716) + - add split-allocation-out-of-sshbuf_reserve.patch, required to address + the issue. + * CVE-2016-10012: Lack of bounds check in the shared memory manager that + could lead to local privilege escalation + (Closes: #848717) + * CVE-2016-10708: privsep process chrashing via an out-of-sequence + NEWKEYS message + * CVE-2016-1908: mishandling failed cookie generation for untrusted X11 + forwarding + * CVE-2016-3115: shell-command restrictions bypass via crafted X11 + forwarding data + * CVE-2016-6515: not limit password lengths for password authentication + that may be used to DoS via crypt CPU consumption + * CVE-2017-15906: sftp-server.c flaw at handling zero-length files. 1:6.7p1-5+deb8u5 [Tue, 21 Aug 2018 18:04:27 +0100] Chris Lamb <lamby@debian.org>: <http://10.200.17.11/4.2-4/#2247060911678882918>
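Review bot: In the new 1:6.7p1-5+deb8u6 changelog entry, the CVE-2015-5600 item names only debian/patches/CVE-2015-5600-2.patch, while the removed UCS entry listed both CVE-2015-5600-1 and CVE-2015-5600-2 as applied patches. Please confirm that the Debian source also carries the first part of that fix before the UCS-specific quilt patches are dropped. Two wording points in the same entry: "chrashing" in the CVE-2016-10708 item should read "crashing", and the CVE-2016-6515 item ("not limit password lengths ...") is hard to parse as written.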
r18276 | Bug #47778: Drop UCS specific patches merged by Debian
- CVE-2015-5352.quilt
- CVE-2015-5600-1.quilt
- CVE-2015-5600-2.quilt

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-4] 4d3635e8a3 Bug #47778: openssh 1:6.7p1-5+deb8u6
 doc/errata/staging/openssh.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
<http://errata.software-univention.de/ucs/4.2/510.html>