lp:ubuntu/feisty-security/openssh

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

24. By Kees Cook on 2008-09-29

* SECURITY UPDATE: block signal handler crash DoS.
* log.c: backport upstream corrections, thanks to Florian Weimer.
* References
  CVE-2008-4109

23. By Jamie Strandboge on 2008-05-14

* Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
* ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
  # as introducing a comment even if it is preceded by whitespace (thanks
  Colin Watson).

22. By Jamie Strandboge on 2008-05-13

* Mitigate OpenSSL security vulnerability thank to Colin Watson:
  - Add key blacklisting support. Keys listed in
    /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
    sshd, unless "PermitBlacklistedKeys yes" is set in
    /etc/ssh/sshd_config.
  - Add a new program, ssh-vulnkey, which can be used to check keys
    against these blacklists.
  - Depend on openssh-blacklist.
  - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
    0.9.8c-4ubuntu0.3.
  - Automatically regenerate known-compromised host keys, with a
    critical-priority debconf note. (I regret that there was no time to
    gather translations.)
* added README.compromised-keys thanks to Colin Watson
* References
  CVE-2008-0166
  http://www.ubuntu.com/usn/usn-612-1

21. By Kees Cook on 2008-04-01

* SECURITY UPDATE: X11 forward hijacking via alternate address families.
* channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel
  (LP: #210175).
* References
  CVE-2008-1483

20. By Kees Cook on 2008-01-09

* SECURITY UPDATE: trusted cookie leak when untrusted cookie cannot be
  generated.
* clientloop.c: Applied patch according to openssh upstream (LP: #162171),
  thanks to Stephan Hermann.
* References:
  CVE-2007-4752
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444738
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181

19. By Colin Watson on 2007-02-19

* Resynchronise with Debian. Remaining changes:
  - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
  - Use LSB init script functions.
  - Increase MAX_SESSIONS to 64.
  - Remove stop links from rc0 and rc6.
* Build position-independent executables (only for debs, not for udebs) to
  take advantage of address space layout randomisation (thanks, Kees
  Cook).
* Set Maintainer to me.

18. By Colin Watson on 2006-12-11

* Resynchronise with Debian. Remaining changes:
  - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
  - Use LSB init script functions.
  - Increase MAX_SESSIONS to 64.
  - Remove stop links from rc0 and rc6.

17. By Colin Watson on 2006-11-27

* Resynchronise with Debian. Remaining changes:
  - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
  - Use LSB init script functions.
  - Increase MAX_SESSIONS to 64.
  - Remove stop links from rc0 and rc6.

16. By Colin Watson on 2006-10-05

Resynchronise with Debian.

15. By Colin Watson on 2006-09-29

Resynchronise with Debian.