Information on source package openssh

Available versions

Release | Version
wheezy | 1:6.0p1-4+deb7u4
wheezy (security) | 1:6.0p1-4+deb7u6
jessie (security) | 1:6.7p1-5+deb8u3
stretch | 1:7.4p1-10+deb9u1
buster | 1:7.6p1-2
sid | 1:7.6p1-2

Open issues

Bug | wheezy | jessie | stretch | buster | sid | Description
CVE-2016-8858 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x ...
CVE-2016-6515 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The auth_password function in auth-passwd.c in sshd in OpenSSH before ...
CVE-2016-3115 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Multiple CRLF injection vulnerabilities in session.c in sshd in ...
CVE-2016-1908 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The client in OpenSSH before 7.2 mishandles failed cookie generation ...
CVE-2016-10012 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The shared memory manager (associated with pre-authentication ...
CVE-2016-10011 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | authfile.c in sshd in OpenSSH before 7.4 does not properly consider ...
CVE-2016-10009 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in ...
CVE-2015-6564 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ...
CVE-2015-6563 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD ...
CVE-2015-5600 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH ...
CVE-2015-5352 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The x11_open_helper function in channels.c in ssh in OpenSSH before ...

Open unimportant issues

Bug | wheezy | jessie | stretch | buster | sid | Description
CVE-2016-10010 | vulnerable | vulnerable | fixed | fixed | fixed | sshd in OpenSSH before 7.4, when privilege separation is not used, ...
CVE-2008-3234 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...
CVE-2007-2768 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...
CVE-2007-2243 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...

Resolved issues

Bug | Description
CVE-2016-6210 | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user ...
CVE-2016-1907 | The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 ...
CVE-2016-0778 | The (1) roaming_read and (2) roaming_write functions in ...
CVE-2016-0777 | The resend_bytes function in roaming_common.c in the client in OpenSSH ...
CVE-2015-8325 | The do_setup_env function in session.c in sshd in OpenSSH through ...
CVE-2015-6565 | sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY ...
CVE-2014-9278 | The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 ...
CVE-2014-8475 | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos ...
CVE-2014-2653 | The verify_host_key function in sshconnect.c in the client in OpenSSH ...
CVE-2014-2532 | sshd in OpenSSH before 6.6 does not properly support wildcards on ...
CVE-2014-1692 | The hash_buffer function in schnorr.c in OpenSSH through 6.4, when ...
CVE-2013-4548 | The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ...
CVE-2012-0814 | The auth_parse_options function in auth-options.c in sshd in OpenSSH ...
CVE-2011-5000 | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and ...
CVE-2011-4327 | ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain ...
CVE-2011-0539 | The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, ...
CVE-2010-5107 | The default configuration of OpenSSH through 6.1 enforces a fixed time ...
CVE-2010-4478 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...
CVE-2009-2904 | A certain Red Hat modification to the ChrootDirectory feature in ...
CVE-2008-5161 | Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...
CVE-2008-4109 | A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...
CVE-2008-3259 | OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the ...
CVE-2008-2285 | The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...
CVE-2008-1657 | OpenSSH 4.4 up to versions before 4.9 allows remote authenticated ...
CVE-2008-1483 | OpenSSH 4.3p2, and probably other versions, allows local users to ...
CVE-2008-0166 | OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based ...
CVE-2007-4752 | ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...
CVE-2007-3102 | Unspecified vulnerability in the linux_audit_record_event function in ...
CVE-2006-5794 | Unspecified vulnerability in the sshd Privilege Separation Monitor in ...
CVE-2006-5052 | Unspecified vulnerability in portable OpenSSH before 4.4, when running ...
CVE-2006-5051 | Signal handler race condition in OpenSSH before 4.4 allows remote ...
CVE-2006-4925 | packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...
CVE-2006-4924 | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...
CVE-2006-0883 | OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...
CVE-2006-0225 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...
CVE-2005-2798 | sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...
CVE-2005-2797 | OpenSSH 4.0, and other versions before 4.2, does not properly handle ...
CVE-2005-2666 | SSH, as implemented in OpenSSH before 4.0 and possibly other ...
CVE-2004-2760 | sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately ...
CVE-2004-2069 | sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...
CVE-2004-1653 | The default configuration for OpenSSH enables AllowTcpForwarding, ...
CVE-2004-0175 | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...
CVE-2003-1562 | sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...
CVE-2003-1119 | SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...
CVE-2003-0787 | The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...
CVE-2003-0786 | The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...
CVE-2003-0695 | Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...
CVE-2003-0693 | A "buffer management error" in buffer_append_space of buffer.c for ...
CVE-2003-0682 | "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...
CVE-2003-0386 | OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...
CVE-2003-0190 | OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...
CVE-2002-1715 | SSH 1 through 3, and possibly other versions, allows local users to ...
CVE-2002-1360 | Multiple SSH2 servers and clients do not properly handle strings with ...
CVE-2002-1359 | Multiple SSH2 servers and clients do not properly handle large packets ...
CVE-2002-1358 | Multiple SSH2 servers and clients do not properly handle lists with ...
CVE-2002-1357 | Multiple SSH2 servers and clients do not properly handle packets or ...
CVE-2002-0765 | sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...
CVE-2002-0640 | Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...
CVE-2002-0639 | Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...
CVE-2001-1585 | SSH protocol 2 (aka SSH-2) public key authentication in the ...
CVE-2001-1507 | OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...
CVE-2001-1459 | OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...
CVE-2000-0992 | Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...

Security announcements

DSA / DLA | Description
DLA-594-1 | openssh - security update
DLA-578-1 | openssh - security update
DSA-3626-1 | openssh - security update
DSA-3550-1 | openssh - security update
DSA-3446-1 | openssh - security update
DLA-387-1 | openssh - security update
DLA-288-2 | openssh - regression update
DLA-288-1 | openssh - security update
DSA-2894-1 | openssh - security update
DSA-1638-1 | openssh - denial of service
DSA-1576-1 | openssh openssh-blacklist - predictable randomness
DSA-1212 | openssh
DSA-382 | ssh - possible remote vulnerability
