[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssh_7.2p2+ availability for wheezy

On Thu, Jul 27, 2017 at 03:42:30PM +0100, Adam Weremczuk wrote:
> These are the vulnerability I'm referring to and they have been addressed in
> OpenSSH versions 6.6 and 7.2p2:
> Threat 1:
> The sshd server fails to validate user-supplied X11 authentication
> credentials
> when establishing an X11 forwarding session. An authenticated user may
> inject
> arbitrary xauth commands by sending an x11 channel request that includes a
> newline character in the x11 cookie.
> Please note that Systems with X11Forwarding enabled are affected.
> Affected Versions:
> OpenSSH versions prior to 7.2p2
> Threat 2:
> The security issue is caused by an error within the "child_set_env()"
> function
> (usr.bin/ssh/session.c) and can be exploited to bypass intended environment
> restrictions by using a substring before a wildcard character.
> Affected Versions:
> OpenSSH Versions prior to 6.6 are affected
> I have just reviewed:
> /usr/share/doc/openssh-server/changelog.Debian.gz
> from Debian 7.11 stamped 9 August 2016 and I can't see any of the above
> mentioned there.

The entries in changelog.Debian.gz will identify the CVE ID for security
uploads.  For example, here is one from the changelog on my laptop
(running jessie):

openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-6210: User enumeration via covert timing channel
    (closes: #831902).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 21 Jul 2016 15:51:59 +0000

If you request that whomever provided you those descriptions give you
the accompanying CVE IDs you will be able to confirm that they are in
fact fixed in the currrent openssh in wheezy.



Roberto C. Sánchez

Reply to: