Bug 40438

Summary: openssh: multiple issues (4.1)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Arvid Requate <requate>
Status: CLOSED FIXED QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal    
Priority: P2 Flags: requate: Patch_Available+
Version: UCS 4.1   
Target Milestone: UCS 4.1-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 40439, 40440    

Description Arvid Requate univentionstaff 2016-01-15 10:08:58 CET 
Upstream Debian package version 1:6.0p1-4+deb7u3 fixes these issues:

* Client Information leak due to use of roaming connection feature (CVE-2016-0777)
* Client buffer-overflow when using roaming connections (CVE-2016-0778)
Comment 1 Arvid Requate univentionstaff 2016-01-15 10:42:18 CET 
Upstream version imported, existing buildsystem patches adjusted, package built.
Advisory: openssh.yaml
Comment 2 Janek Walkenhorst univentionstaff 2016-01-15 12:06:43 CET 
Patches: OK
Fix included: Upstream
Tests: OK
Advisory: OK
Comment 3 Janek Walkenhorst univentionstaff 2016-01-15 12:20:56 CET 
<http://errata.software-univention.de/ucs/4.1/56.html>