Bug#848714: openssh: CVE-2016-10009

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#848714: openssh: CVE-2016-10009
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 20:25:45 +0100
Message-id: <[🔎] 148217554587.22822.2862435418846129924.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 848714@bugs.debian.org

Source: openssh
Version: 1:7.3p1-5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for openssh.

CVE-2016-10009[0]:
|ssh-agent(1): load PKCS#11 modules from paths outside a trusted
|whitelist

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10009
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009

Please adjust the affected versions in the BTS as needed. Note, I'm
opening individual bugs for the four assigned CVEs. The reason is that
is is not yet triaged if the set of common affected versions is the
same for all. This allows us to track the CVEs in BTS.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#848714: marked as done (openssh: CVE-2016-10009)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#848110: openssh-server: Please add a note in the sshd_config file that UsePAM must be set to yes with systemd/logind
Next by Date: Bug#848715: openssh: CVE-2016-10010
Previous by thread: Bug#848110: openssh-server: Please add a note in the sshd_config file that UsePAM must be set to yes with systemd/logind
Next by thread: Bug#848714: marked as done (openssh: CVE-2016-10009)
Index(es):
- Date
- Thread