openssh 1:8.9p1-3ubuntu0.3 source package in Ubuntu

Changelog

openssh (1:8.9p1-3ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
      FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408

 -- Marc Deslauriers <email address hidden>  Wed, 19 Jul 2023 15:41:52 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Jammy
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy security main net

Downloads

File Size SHA-256 Checksum
openssh_8.9p1.orig.tar.gz 1.7 MiB fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7
openssh_8.9p1-3ubuntu0.3.debian.tar.xz 187.4 KiB a9c19647f231ab9fbcb3b18864d1da4b1689202a19590780994249dd7d240a7f
openssh_8.9p1-3ubuntu0.3.dsc 3.0 KiB 47509550cb2269d6487dc6162de479a673d4b71e81e95dd1074b0b4918d5323a

View changes file

Binary packages built by this source

openssh-client: secure shell (SSH) client, for secure access to remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the ssh, scp and sftp clients, the ssh-agent
 and ssh-add programs to make public key authentication more convenient,
 and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 ssh replaces the insecure rsh, rcp and rlogin programs, which are
 obsolete for most purposes.

openssh-client-dbgsym: debug symbols for openssh-client
openssh-server: secure shell (SSH) server, for secure access from remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the sshd server.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.
 .
 sshd replaces the insecure rshd program, which is obsolete for most
 purposes.

openssh-server-dbgsym: debug symbols for openssh-server
openssh-sftp-server: secure shell (SSH) sftp server module, for SFTP access from remote machines

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It can be used to provide applications with a secure communication
 channel.
 .
 This package provides the SFTP server module for the SSH server. It
 is needed if you want to access your SSH server with SFTP. The SFTP
 server module also works with other SSH daemons like dropbear.
 .
 OpenSSH's sftp and sftp-server implement revision 3 of the SSH filexfer
 protocol described in:
 .
  http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
 .
 Newer versions of the draft will not be supported, though some features
 are individually implemented as extensions.

openssh-sftp-server-dbgsym: debug symbols for openssh-sftp-server
openssh-tests: OpenSSH regression tests

 This package provides OpenSSH's regression test suite. It is mainly
 intended for use with the autopkgtest system, though can also be run
 directly using /usr/lib/openssh/regress/run-tests.

openssh-tests-dbgsym: debug symbols for openssh-tests
ssh: secure shell client and server (metapackage)

 This metapackage is a convenient way to install both the OpenSSH client
 and the OpenSSH server. It provides nothing in and of itself, so you
 may remove it if nothing depends on it.

ssh-askpass-gnome: interactive X program to prompt users for a passphrase for ssh-add

 This has been split out of the main openssh-client package so that
 openssh-client does not need to depend on GTK+.
 .
 You probably want the ssh-askpass package instead, but this is
 provided to add to your choice and/or confusion.

ssh-askpass-gnome-dbgsym: debug symbols for ssh-askpass-gnome