ubuntu/+source/openssh:ubuntu/precise-updates

Last commit made on 2016-08-15
Get this branch:
git clone -b ubuntu/precise-updates https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/precise-updates
Repository: lp:ubuntu/+source/openssh

Recent commits

6778972... by Marc Deslauriers on 2016-08-11

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

0d8db84... by Marc Deslauriers on 2016-05-05

Import patches-unapplied version 1:5.9p1-5ubuntu1.9 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b880ca3892cdbe33b9505694ce063ad9d33d74ca

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

b880ca3... by Marc Deslauriers on 2016-01-13

Import patches-unapplied version 1:5.9p1-5ubuntu1.8 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 20ff496644c815dcb845e59534ece8a42530aa3d

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

20ff496... by Marc Deslauriers on 2015-08-18

Import patches-unapplied version 1:5.9p1-5ubuntu1.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 03f0b00a6f48debc619add7c23e735dc1282cb15

New changelog entries:
  * SECURITY REGRESSION: random auth failures because of uninitialized
    struct field (LP: #1485719)
    - debian/patches/CVE-2015-5600-2.patch:

03f0b00... by Marc Deslauriers on 2015-08-14

Import patches-unapplied version 1:5.9p1-5ubuntu1.6 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 39a4bef65a12b1381bdeb675d9e7a3e86624d8f4

New changelog entries:
  * SECURITY UPDATE: possible user impersonation via PAM support
    - debian/patches/pam-security-1.patch: don't resend username to PAM in
      monitor.c, monitor_wrap.c.
    - CVE number pending
  * SECURITY UPDATE: use-after-free in PAM support
    - debian/patches/pam-security-2.patch: fix use after free in monitor.c.
    - CVE number pending
  * SECURITY UPDATE:
    - debian/patches/CVE-2015-5600.patch: only query each
      keyboard-interactive device once per authentication request in
      auth2-chall.c.
    - CVE-2015-5600
  * SECURITY UPDATE: X connections access restriction bypass
    - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
      connections attempted after ForwardX11Timeout expires in channels.c,
      channels.h, clientloop.c.
    - CVE-2015-5352

39a4bef... by Louis Bouchard on 2014-04-22

Import patches-unapplied version 1:5.9p1-5ubuntu1.4 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 7f37ffb759821df55913da5781887e7ee02ec61f

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

7f37ffb... by Marc Deslauriers on 2014-04-07

Import patches-unapplied version 1:5.9p1-5ubuntu1.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 803828d79edc0f6c3ec027d0e29b6fbca041f65e

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

803828d... by Marc Deslauriers on 2014-03-21

Import patches-unapplied version 1:5.9p1-5ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f166e6c7de4ebfee0d1046d8cc05156aac1f7fb8

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

f166e6c... by Colin Watson on 2013-03-26

Import patches-unapplied version 1:5.9p1-5ubuntu1.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 1df33335f63703d5f182453ac1f371806e64414d

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).

1df3333... by Colin Watson on 2012-04-02

Import patches-unapplied version 1:5.9p1-5ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: a7ab0a248f719c14aeb65ada89a2459ff11a74af

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.
  * Sync up pkg-config variable used in configure's ConsoleKit test with
    that used for libedit.