[ubuntu/vivid-security] openssh 1:6.7p1-5ubuntu1.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Fri Aug 14 15:11:41 UTC 2015
openssh (1:6.7p1-5ubuntu1.2) vivid-security; urgency=medium
* SECURITY UPDATE: possible user impersonation via PAM support
- debian/patches/pam-security-1.patch: don't resend username to PAM in
monitor.c, monitor_wrap.c.
- CVE number pending
* SECURITY UPDATE: use-after-free in PAM support
- debian/patches/pam-security-2.patch: fix use after free in monitor.c.
- CVE number pending
* SECURITY UPDATE:
- debian/patches/CVE-2015-5600.patch: only query each
keyboard-interactive device once per authentication request in
auth2-chall.c.
- CVE-2015-5600
* SECURITY UPDATE: X connections access restriction bypass
- debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
connections attempted after ForwardX11Timeout expires in channels.c,
channels.h, clientloop.c.
- CVE-2015-5352
Date: 2015-08-14 13:27:14.179712+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Vivid-changes
mailing list