<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-forward-container"><br>
-------- Mensagem encaminhada --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" valign="BASELINE" nowrap="nowrap">Assunto:
</th>
<td>[USN-2966-1] OpenSSH vulnerabilities</td>
</tr>
<tr>
<th align="RIGHT" valign="BASELINE" nowrap="nowrap">Data: </th>
<td>Mon, 9 May 2016 15:30:36 -0400</td>
</tr>
<tr>
<th align="RIGHT" valign="BASELINE" nowrap="nowrap">De: </th>
<td>Marc Deslauriers <a class="moz-txt-link-rfc2396E" href="mailto:marc.deslauriers@canonical.com"><marc.deslauriers@canonical.com></a></td>
</tr>
<tr>
<th align="RIGHT" valign="BASELINE" nowrap="nowrap">Responder
a: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:ubuntu-users@lists.ubuntu.com">ubuntu-users@lists.ubuntu.com</a>, Ubuntu Security
<a class="moz-txt-link-rfc2396E" href="mailto:security@ubuntu.com"><security@ubuntu.com></a></td>
</tr>
<tr>
<th align="RIGHT" valign="BASELINE" nowrap="nowrap">Para: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:ubuntu-security-announce@lists.ubuntu.com">ubuntu-security-announce@lists.ubuntu.com</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>==========================================================================
Ubuntu Security Notice USN-2966-1
May 09, 2016
openssh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSH.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
Shayan Sadigh discovered that OpenSSH incorrectly handled environment files
when the UseLogin feature is enabled. A local attacker could use this issue
to gain privileges. (CVE-2015-8325)
Ben Hawkes discovered that OpenSSH incorrectly handled certain network
traffic. A remote attacker could possibly use this issue to cause OpenSSH
to crash, resulting in a denial of service. This issue only applied to
Ubuntu 15.10. (CVE-2016-1907)
Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11
forwarding when the SECURITY extension is disabled. A connection configured
as being untrusted could get switched to trusted in certain scenarios,
contrary to expectations. (CVE-2016-1908)
It was discovered that OpenSSH incorrectly handled certain X11 forwarding
data. A remote authenticated attacker could possibly use this issue to
bypass certain intended command restrictions. (CVE-2016-3115)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
openssh-server 1:6.9p1-2ubuntu0.2
Ubuntu 14.04 LTS:
openssh-server 1:6.6p1-2ubuntu2.7
Ubuntu 12.04 LTS:
openssh-server 1:5.9p1-5ubuntu1.9
In general, a standard system update will make all the necessary changes.
References:
<a class="moz-txt-link-freetext" href="http://www.ubuntu.com/usn/usn-2966-1">http://www.ubuntu.com/usn/usn-2966-1</a>
CVE-2015-8325, CVE-2016-1907, CVE-2016-1908, CVE-2016-3115
Package Information:
<a class="moz-txt-link-freetext" href="https://launchpad.net/ubuntu/+source/openssh/1:6.9p1-2ubuntu0.2">https://launchpad.net/ubuntu/+source/openssh/1:6.9p1-2ubuntu0.2</a>
<a class="moz-txt-link-freetext" href="https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.7">https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.7</a>
<a class="moz-txt-link-freetext" href="https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.9">https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.9</a>
</pre>
<br>
</div>
<br>
</body>
</html>