openssh (1:5.9p1-5ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: possible user impersonation via PAM support
    - debian/patches/pam-security-1.patch: don't resend username to PAM in
      monitor.c, monitor_wrap.c.
    - CVE number pending
  * SECURITY UPDATE: use-after-free in PAM support
    - debian/patches/pam-security-2.patch: fix use after free in monitor.c.
    - CVE number pending
  * SECURITY UPDATE:
    - debian/patches/CVE-2015-5600.patch: only query each
      keyboard-interactive device once per authentication request in
      auth2-chall.c.
    - CVE-2015-5600
  * SECURITY UPDATE: X connections access restriction bypass
    - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
      connections attempted after ForwardX11Timeout expires in channels.c,
      channels.h, clientloop.c.
    - CVE-2015-5352

openssh (1:5.9p1-5ubuntu1.4) precise; urgency=medium

  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

Date: 2015-08-14 13:34:12.772440+00:00
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Colin Watson <[email protected]>
https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.6
Sorry, changesfile not available.