Information on source package openssh

Available versions

| Release | Version |
| --- | --- |
| jessie | 1:6.7p1-5+deb8u4 |
| jessie (security) | 1:6.7p1-5+deb8u8 |
| stretch | 1:7.4p1-10+deb9u7 |
| stretch (security) | 1:7.4p1-10+deb9u6 |
| buster | 1:7.9p1-10 |
| buster (security) | 1:7.9p1-10+deb10u1 |
| bullseye | 1:8.1p1-1 |
| sid | 1:8.1p1-1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | sid | Description |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-15919 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ... |
| CVE-2016-8858 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | sid | Description |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2019-6110 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr outpu ... |
| CVE-2019-16905 | fixed | fixed | vulnerable | fixed | fixed | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ... |
| CVE-2016-10010 | vulnerable | fixed | fixed | fixed | fixed | sshd in OpenSSH before 7.4, when privilege separation is not used, cre ... |
| CVE-2008-3234 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ... |
| CVE-2007-2768 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ... |
| CVE-2007-2243 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ... |

Resolved issues

| Bug | Description |
| --- | --- |
| CVE-2019-6111 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation ... |
| CVE-2019-6109 | An issue was discovered in OpenSSH 7.9. Due to missing character encod ... |
| CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ... |
| CVE-2018-15473 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ... |
| CVE-2017-15906 | The process_open function in sftp-server.c in OpenSSH before 7.6 does ... |
| CVE-2016-6515 | The auth_password function in auth-passwd.c in sshd in OpenSSH before ... |
| CVE-2016-6210 | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ... |
| CVE-2016-3115 | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSS ... |
| CVE-2016-1908 | The client in OpenSSH before 7.2 mishandles failed cookie generation f ... |
| CVE-2016-1907 | The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 ... |
| CVE-2016-10708 | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial o ... |
| CVE-2016-10012 | The shared memory manager (associated with pre-authentication compress ... |
| CVE-2016-10011 | authfile.c in sshd in OpenSSH before 7.4 does not properly consider th ... |
| CVE-2016-10009 | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in Ope ... |
| CVE-2016-0778 | The (1) roaming_read and (2) roaming_write functions in roaming_common ... |
| CVE-2016-0777 | The resend_bytes function in roaming_common.c in the client in OpenSSH ... |
| CVE-2015-8325 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p ... |
| CVE-2015-6565 | sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY de ... |
| CVE-2015-6564 | Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ... |
| CVE-2015-6563 | The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD pla ... |
| CVE-2015-5600 | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ... |
| CVE-2015-5352 | The x11_open_helper function in channels.c in ssh in OpenSSH before 6. ... |
| CVE-2014-9278 | The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 a ... |
| CVE-2014-8475 | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos suppo ... |
| CVE-2014-2653 | The verify_host_key function in sshconnect.c in the client in OpenSSH ... |
| CVE-2014-2532 | sshd in OpenSSH before 6.6 does not properly support wildcards on Acce ... |
| CVE-2014-1692 | The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Mak ... |
| CVE-2013-4548 | The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ... |
| CVE-2012-0814 | The auth_parse_options function in auth-options.c in sshd in OpenSSH b ... |
| CVE-2011-5000 | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and e ... |
| CVE-2011-4327 | ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platfo ... |
| CVE-2011-0539 | The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, ... |
| CVE-2010-5107 | The default configuration of OpenSSH through 6.1 enforces a fixed time ... |
| CVE-2010-4478 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly val ... |
| CVE-2009-2904 | A certain Red Hat modification to the ChrootDirectory feature in OpenS ... |
| CVE-2008-5161 | Error handling in the SSH protocol in (1) SSH Tectia Client and Server ... |
| CVE-2008-4109 | A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ... |
| CVE-2008-3259 | OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11Use ... |
| CVE-2008-2285 | The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ... |
| CVE-2008-1657 | OpenSSH 4.4 up to versions before 4.9 allows remote authenticated user ... |
| CVE-2008-1483 | OpenSSH 4.3p2, and probably other versions, allows local users to hija ... |
| CVE-2008-0166 | OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operat ... |
| CVE-2007-4752 | ssh in OpenSSH before 4.7 does not properly handle when an untrusted c ... |
| CVE-2007-3102 | Unspecified vulnerability in the linux_audit_record_event function in ... |
| CVE-2006-5794 | Unspecified vulnerability in the sshd Privilege Separation Monitor in ... |
| CVE-2006-5052 | Unspecified vulnerability in portable OpenSSH before 4.4, when running ... |
| CVE-2006-5051 | Signal handler race condition in OpenSSH before 4.4 allows remote atta ... |
| CVE-2006-4925 | packet.c in ssh in OpenSSH allows remote attackers to cause a denial o ... |
| CVE-2006-4924 | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, all ... |
| CVE-2006-0883 | OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not prope ... |
| CVE-2006-0225 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands vi ... |
| CVE-2005-2798 | sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ... |
| CVE-2005-2797 | OpenSSH 4.0, and other versions before 4.2, does not properly handle d ... |
| CVE-2005-2666 | SSH, as implemented in OpenSSH before 4.0 and possibly other implement ... |
| CVE-2004-2760 | sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately c ... |
| CVE-2004-2069 | sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, whe ... |
| CVE-2004-1653 | The default configuration for OpenSSH enables AllowTcpForwarding, whic ... |
| CVE-2004-0175 | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allo ... |
| CVE-2003-1562 | sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ... |
| CVE-2003-1119 | SSH Secure Shell before 3.2.9 allows remote attackers to cause a denia ... |
| CVE-2003-0787 | The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ... |
| CVE-2003-0786 | The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3. ... |
| CVE-2003-0695 | Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ... |
| CVE-2003-0693 | A "buffer management error" in buffer_append_space of buffer.c for Ope ... |
| CVE-2003-0682 | "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a dif ... |
| CVE-2003-0386 | OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ... |
| CVE-2003-0190 | OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enable ... |
| CVE-2002-1715 | SSH 1 through 3, and possibly other versions, allows local users to by ... |
| CVE-2002-1360 | Multiple SSH2 servers and clients do not properly handle strings with ... |
| CVE-2002-1359 | Multiple SSH2 servers and clients do not properly handle large packets ... |
| CVE-2002-1358 | Multiple SSH2 servers and clients do not properly handle lists with em ... |
| CVE-2002-1357 | Multiple SSH2 servers and clients do not properly handle packets or da ... |
| CVE-2002-0765 | sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ... |
| CVE-2002-0640 | Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ... |
| CVE-2002-0639 | Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote at ... |
| CVE-2001-1585 | SSH protocol 2 (aka SSH-2) public key authentication in the developmen ... |
| CVE-2001-1507 | OpenSSH before 3.0.1 with Kerberos V enabled does not properly authent ... |
| CVE-2001-1459 | OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication M ... |
| CVE-2000-0992 | Directory traversal vulnerability in scp in sshd 1.2.xx allows a remot ... |

Security announcements

| DSA / DLA | Description |
| --- | --- |
| DSA-4539-2 | openssh - regression update |
| DLA-1728-1 | openssh - security update |
| DSA-4387-2 | openssh - security update |
| DSA-4387-1 | openssh - security update |
| DLA-1500-2 | openssh - regression update |
| DLA-1500-1 | openssh - security update |
| DSA-4280-1 | openssh - security update |
| DLA-1474-1 | openssh - security update |
| DLA-1257-1 | openssh - security update |
| DLA-594-1 | openssh - security update |
| DLA-578-1 | openssh - security update |
| DSA-3626-1 | openssh - security update |
| DSA-3550-1 | openssh - security update |
| DSA-3446-1 | openssh - security update |
| DLA-387-1 | openssh - security update |
| DLA-288-2 | openssh - regression update |
| DLA-288-1 | openssh - security update |
| DSA-2894-1 | openssh - security update |
| DSA-1638-1 | openssh - denial of service |
| DSA-1576-1 | openssh openssh-blacklist - predictable randomness |
| DSA-1212 | openssh |
| DSA-382 | ssh - possible remote vulnerability |
