[ubuntu/precise-security] openssh 1:5.9p1-5ubuntu1.9 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon May 9 18:34:44 UTC 2016


openssh (1:5.9p1-5ubuntu1.9) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Date: 2016-05-05 14:03:16.096699+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Colin Watson <cjwatson at canonical.com>
https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.9