Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-1500-2:1F61F
HistorySep 12, 2018 - 8:02 p.m.

[SECURITY] [DLA 1500-2] openssh regression update

2018-09-1220:02:50
lists.debian.org
19
JSON

Package : openssh
Version : 1:6.7p1-5+deb8u7
Debian Bug : 908652

The security update of OpenSSH announced as DLA 1500-1 introduced a bug in
openssh-client: when X11 forwarding is enabled (via system-wide
configuration in ssh_config or via -X command line switch), but no DISPLAY
is set, the client produces a "DISPLAY "(null)" invalid; disabling X11
forwarding" warning. These bug was introduced by the patch set to fix the
CVE-2016-1908 issue. For reference, the following is the relevant section
of the original announcement:

CVE-2016-1908

OpenSSH mishandled untrusted X11 forwarding when the X server disables
the SECURITY extension. Untrusted connections could obtain trusted X11
forwarding privileges. Reported by Thomas Hoger.

For Debian 8 "Jessie", this problem has been fixed in version
1:6.7p1-5+deb8u7.

We recommend that you upgrade your openssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8armelopenssh-server< 1:6.7p1-5+deb8u7openssh-server_1:6.7p1-5+deb8u7_armel.deb
Debian8amd64openssh-client< 1:6.7p1-5+deb8u7openssh-client_1:6.7p1-5+deb8u7_amd64.deb
Debian8armelopenssh-server-udeb< 1:6.7p1-5+deb8u7openssh-server-udeb_1:6.7p1-5+deb8u7_armel.deb
Debian8allopenssh< 1:6.7p1-5+deb8u7openssh_1:6.7p1-5+deb8u7_all.deb
Debian8armhfopenssh-client-udeb< 1:6.7p1-5+deb8u7openssh-client-udeb_1:6.7p1-5+deb8u7_armhf.deb
Debian8amd64ssh-askpass-gnome< 1:6.7p1-5+deb8u7ssh-askpass-gnome_1:6.7p1-5+deb8u7_amd64.deb
Debian8i386openssh-sftp-server< 1:6.7p1-5+deb8u7openssh-sftp-server_1:6.7p1-5+deb8u7_i386.deb
Debian8allssh-krb5< 1:6.7p1-5+deb8u7ssh-krb5_1:6.7p1-5+deb8u7_all.deb
Debian8amd64openssh-server< 1:6.7p1-5+deb8u7openssh-server_1:6.7p1-5+deb8u7_amd64.deb
Debian8armelopenssh-client-udeb< 1:6.7p1-5+deb8u7openssh-client-udeb_1:6.7p1-5+deb8u7_armel.deb
Rows per page:
1-10 of 271

Related

nessus 22
fedora 1
openvas 15
amazon 1
veracode 1
cve 1
debiancve 1
f5 2
ubuntucve 1
prion 1
oraclelinux 2
symantec 1
aix 1
ibm 5
centos 2
redhat 2
cloudfoundry 1
ubuntu 1
gentoo 1
osv 1
debian 1
ics 1
nessus
nessus
Fedora 23 : gsi-openssh-7.1p2-3.fc23 (2016-4509765b4b)
2016-03-04 00:00:00
Debian DLA-1500-2 : openssh regression update
2018-09-12 00:00:00
OpenSSH < 7.2 Untrusted X11 Forwarding Fallback Security Bypass
2016-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: gsi-openssh-7.1p2-3.fc23
2016-02-10 16:53:50
openvas
openvas
OpenSSH X11 Forwarding Security Bypass Vulnerability - Windows
2017-04-21 00:00:00
OpenSSH X11 Forwarding Security Bypass Vulnerability - Linux
2017-04-21 00:00:00
Fedora Update for gsi-openssh FEDORA-2016-4509765
2016-02-11 00:00:00
amazon
amazon
Medium: openssh
2016-03-29 15:30:00
veracode
veracode
Authentication Bypass
2019-05-02 05:29:33
cve
cve
CVE-2016-1908
2017-04-11 18:59:00
debiancve
debiancve
CVE-2016-1908
2017-04-11 18:59:00
f5
f5
SOL71960814 - OpenSSH vulnerability CVE-2016-1908
2016-05-31 00:00:00
K71960814 : OpenSSH vulnerability CVE-2016-1908
2016-05-31 00:00:00
ubuntucve
ubuntucve
CVE-2016-1908
2016-01-15 00:00:00
prion
prion
Design/Logic Flaw
2017-04-11 18:59:00
oraclelinux
oraclelinux
openssh security update
2016-03-21 00:00:00
openssh security, bug fix, and enhancement update
2016-05-12 00:00:00
symantec
symantec
SA126 : OpenSSH Vulnerabilities January/April 2016
2016-06-14 08:00:00
aix
aix
Vulnerabilities in OpenSSH affect AIX
2016-05-03 10:03:39
ibm
ibm
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
2018-06-16 21:44:51
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908)
2018-06-16 21:44:51
Security Bulletin: Vulnerabilities in OpenSSH affect IBM i (CVE-2016-1907, CVE-2016-1908, CVE-2016-3115)
2019-12-18 14:26:38
centos
centos
openssh, pam_ssh_agent_auth security update
2016-03-21 22:38:14
openssh, pam_ssh_agent_auth security update
2016-05-16 10:19:28
redhat
redhat
(RHSA-2016:0465) Moderate: openssh security update
2016-03-21 20:03:21
(RHSA-2016:0741) Moderate: openssh security, bug fix, and enhancement update
2016-05-10 06:42:16
cloudfoundry
cloudfoundry
USN-2966-1 OpenSSH vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2016-05-09 00:00:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2016-12-07 00:00:00
osv
osv
openssh - security update
2018-09-10 00:00:00
debian
debian
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
JSON
Related for DEBIAN:DLA-1500-2:1F61F
nessus22fedora1openvas15amazon1veracode1cve1debiancve1f52ubuntucve1prion1oraclelinux2symantec1aix1ibm5centos2redhat2cloudfoundry1ubuntu1gentoo1osv1debian1ics1