ubuntu/+source/openssh:ubuntu/trusty-updates

Last commit made on 2019-03-04
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/openssh

Branch information

Name:
ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/openssh

Recent commits

4b28d96... by Marc Deslauriers on 2019-03-04

Import patches-unapplied version 1:6.6p1-2ubuntu2.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3c2e5adf20c1c2b01e8336a44e705c4ec593147f

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

3c2e5ad... by Marc Deslauriers on 2019-01-31

Import patches-unapplied version 1:6.6p1-2ubuntu2.12 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1fb1ec9df8260d00ce12d988fb544cb6c0297b6f

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

1fb1ec9... by Ryan Finnie on 2018-10-13

Import patches-unapplied version 1:6.6p1-2ubuntu2.11 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 30128f4f3e40432528ade3dc7eefb0d390a5bc51

New changelog entries:
  * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
    - debian/patches/CVE-2018-15473.patch: delay bailout for invalid
      authenticating user until after the packet containing the request
      has been fully parsed.
    - CVE-2018-15473
  [ Leonidas S. Barbosa ]
  * SECURITY UPDATE: Privsep process crashing via an out-of-sequence
    - debian/patches/CVE-2016-10708.patch: fix in kex.c,
      pack.c.
    - CVE-2016-10708

30128f4... by Marc Deslauriers on 2018-01-15

Import patches-unapplied version 1:6.6p1-2ubuntu2.10 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 8815edb59856a6bd040de7166e24479e4880b885

New changelog entries:
  * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
    - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
      which ssh-agent will load a PKCS#11 module in ssh-agent.1,
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
      in ssh-agent.c.
    - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-4.patch: add missing label in
      ssh-agent.c.
    - CVE-2016-10009
  * SECURITY UPDATE: local information disclosure via effects of realloc on
    buffer contents
    - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
      loading keys in authfile.c.
    - CVE-2016-10011
  * SECURITY UPDATE: local privilege escalation via incorrect bounds check
    in shared memory manager
    - debian/patches/CVE-2016-10012-1-2.patch: remove support for
      pre-authentication compression in kex.c, kex.h, Makefile.in,
      monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h,
      packet.c, servconf.c, sshd.c, sshd_config.5.
    - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
      bits in kex.c, kex.h, packet.c.
    - CVE-2016-10012
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

8815edb... by Marc Deslauriers on 2016-08-11

Import patches-unapplied version 1:6.6p1-2ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: b6b8daa4beb7f728acf5532680d6dc3e513d3244

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

b6b8daa... by Marc Deslauriers on 2016-05-05

Import patches-unapplied version 1:6.6p1-2ubuntu2.7 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 9cab392c42c69c7a75b94cc5e5ced5369234ff14

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

9cab392... by Mathieu Trudel-Lapierre on 2016-01-26

Import patches-unapplied version 1:6.6p1-2ubuntu2.6 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f9c816c12b5b33107203e4f8ec2ea7910b3f6543

New changelog entries:
  * debian/control, debian/rules: enable libaudit support. (LP: #1478087)

f9c816c... by Kees Cook on 2016-01-14

Import patches-unapplied version 1:6.6p1-2ubuntu2.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 481d0204ec710bd12660ba14199e52da7c00cc08

New changelog entries:
  * Backport upstream reporting of max auth attempts, so that fail2ban
    and similar tools can learn the IP address of brute forcers.
    (LP: #1534340)
    - debian/patches/report-max-auth.patch

481d020... by Marc Deslauriers on 2016-01-13

Import patches-unapplied version 1:6.6p1-2ubuntu2.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7f4569cee16987dddeccddeefe499973cf1ae314

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

7f4569c... by Marc Deslauriers on 2015-08-18

Import patches-unapplied version 1:6.6p1-2ubuntu2.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: d74206146877ab23923243850d6f76b44191e9f6

New changelog entries:
  * SECURITY REGRESSION: random auth failures because of uninitialized
    struct field (LP: #1485719)
    - debian/patches/CVE-2015-5600-2.patch: