diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 05:39:34 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 05:39:34 +0000 |
commit | 1a040104899b0285a3a41ebd1dfe72a84dedeb22 (patch) | |
tree | e22983d910417ad86452c74b9c6a272b7e07ee82 /debian/changelog | |
parent | Adding debian version 1:7.9p1-10+deb10u3. (diff) | |
download | openssh-debian/1%7.9p1-10+deb10u4.tar.xz openssh-debian/1%7.9p1-10+deb10u4.zip |
Adding debian version 1:7.9p1-10+deb10u4.debian/1%7.9p1-10+deb10u4debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 0e30cc0..d219da9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,34 @@ +openssh (1:7.9p1-10+deb10u4) buster-security; urgency=medium + + * Non-maintainer upload by the LTS Team. + * Rename debian/.gitlab-ci.yml to debian/salsa-ci.yml and use + lts-team/pipeline recipe for buster in it. + * [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to + thwart the so-called "Terrapin attack" discovered by Fabian Bäumer, + Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect + a limited break of the integrity of the early encrypted SSH transport + protocol by sending extra messages prior to the commencement of + encryption, and deleting an equal number of consecutive messages + immediately after encryption starts. A peer SSH client/server would + not be able to detect that messages were deleted. + * [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained + shell metacharacters was passed to ssh(1), and a ProxyCommand, + LocalCommand directive or "match exec" predicate referenced the user + or hostname via %u, %h or similar expansion token, then an attacker + who could supply arbitrary user/hostnames to ssh(1) could potentially + perform command injection depending on what quoting was present in the + user-supplied ssh_config(5) directive. ssh(1) now bans most shell + metacharacters from user and hostnames supplied via the command-line. + * [CVE-2021-41617]: sshd(8) from OpenSSH 6.2 through 8.7 failed to + correctly initialise supplemental groups when executing an + AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a + AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive + has been set to run the command as a different user. Instead these + commands would inherit the groups that sshd(8) was started with + (closes: #995130). + + -- Santiago Ruano Rincón <santiago@freexian.com> Sun, 24 Dec 2023 15:39:13 -0500 + openssh (1:7.9p1-10+deb10u3) buster-security; urgency=high * Non-maintainer upload. |