Ubuntu
openssh package

lp:ubuntu/hoary-security/openssh

Hoary (5.04)
hoary-security

Created by James Westby on 2009-12-02 and last modified on 2009-12-02

Get this branch:: bzr branch lp:ubuntu/hoary-security/openssh

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Development

Recent revisions

6. By Martin Pitt on 2006-10-02: * SECURITY UPDATE: Remote DoS.
* CVE-2006-4924: Fix a pre-authentication denial of service found by
  Tavis Ormandy, that would cause sshd(8) to spin until the login grace
  time expired.
  Upstream fixes:
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
* Fix an unsafe signal hander reported by Mark Dowd. The
  signal handler was vulnerable to a race condition that could be
  exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
  On portable OpenSSH, this vulnerability could theoretically lead to
  pre-authentication remote code execution if GSSAPI authentication is
  enabled, but the likelihood of successful exploitation appears remote.
  [CVE-2006-5052]
* Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
  for backporting them from 4.4p1.
5. By Martin Pitt on 2006-02-20: * SECURITY UPDATE: Shell code injection with crafted file names in scp.
* Ported upstream patch from 4.3p2 to replace system() call with a proper
exec() call; this avoids expanding shell metacharacters in local-to-local
or remote-to-remote copies.
* CVE-2006-0225
4. By Martin Pitt on 2005-10-17: * SECURITY UPDATE: Information disclosure.
* gss-serv.c, sshconnect2.c: Do not delegate GSSAPI credentials to log in
with a different method than GSSAPI.
* CAN-2005-2798
3. By Colin Watson on 2005-03-15: Don't ask unnecessary and misplaced ssh/forward_warning debconf note
(closes: Ubuntu #7363).
2. By Colin Watson on 2004-10-07: * Nathaniel McCallum:
- debian/openssh-server.init: pretty initscript
- debian/control: versioned depend on lsb-base
1. By Noah Meyerhans on 2006-10-31: Import upstream version 3.8.1p1

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/lucid/openssh

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntuopenssh package