This repository has been archived by the owner on Mar 16, 2022. It is now read-only.
1.273.0
cf-buildpacks-eng released this 05 Mar 17:34
Notably, this release addresses:
USN-3885-2: OpenSSH vulnerability:
- CVE-2019-6111: An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
-ii openssh-client 1:6.6p1-2ubuntu2.12 amd64 secure shell (SSH) client, for secure access to remote machines
-ii openssh-server 1:6.6p1-2ubuntu2.12 amd64 secure shell (SSH) server, for secure access from remote machines
-ii openssh-sftp-server 1:6.6p1-2ubuntu2.12 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
+ii openssh-client 1:6.6p1-2ubuntu2.13 amd64 secure shell (SSH) client, for secure access to remote machines
+ii openssh-server 1:6.6p1-2ubuntu2.13 amd64 secure shell (SSH) server, for secure access from remote machines
+ii openssh-sftp-server 1:6.6p1-2ubuntu2.13 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
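Review bot: On the three `+` lines the upstream version stays at 6.6p1 and only the Ubuntu revision moves from 2ubuntu2.12 to 2ubuntu2.13, while the CVE text above says the issue was discovered in OpenSSH 7.9. The release notes should state explicitly that the fix arrives as a patch to the 6.6p1 package, so that anyone auditing by upstream version number compares the full package version string instead. It would also help to note that CVE-2019-6111 concerns the scp client, since the list shows openssh-server and openssh-sftp-server changing alongside openssh-client.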