[ubuntu/trusty-security] openssh 1:6.6p1-2ubuntu2.10 (Accepted)

[Marc Deslauriers]

openssh (1:6.6p1-2ubuntu2.10) trusty-security; urgency=medium

  * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
    - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
      which ssh-agent will load a PKCS#11 module in ssh-agent.1,
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
      in ssh-agent.c.
    - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
      ssh-agent.c.
    - debian/patches/CVE-2016-10009-4.patch: add missing label in
      ssh-agent.c.
    - CVE-2016-10009
  * SECURITY UPDATE: local information disclosure via effects of realloc on
    buffer contents
    - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
      loading keys in authfile.c.
    - CVE-2016-10011
  * SECURITY UPDATE: local privilege escalation via incorrect bounds check
    in shared memory manager
    - debian/patches/CVE-2016-10012-1-2.patch: remove support for
      pre-authentication compression in kex.c, kex.h, Makefile.in,
      monitor.c, monitor.h, monitor_wrap.c, monitor_wrap.h, myproposal.h,
      packet.c, servconf.c, sshd.c, sshd_config.5.
    - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
      bits in kex.c, kex.h, packet.c.
    - CVE-2016-10012
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Date: 2018-01-18 14:07:13.768832+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.10
-------------- next part --------------
Sorry, changesfile not available.