openssh

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Premier connectivity tool for remote login with the SSH protocol
Version 7.9p1-1 [core]

Open

Group Affected Fixed Severity Status Ticket
AVG-849 7.9p1-1 High Vulnerable
Issue Group Severity Remote Type Description
CVE-2018-20685 AVG-849 High Yes Insufficient validation
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-763 7.7p1-2 7.8p1-1 Medium Fixed
AVG-110 7.3p1-2 7.4p1-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2018-15473 AVG-763 Medium Yes Information disclosure
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet...
CVE-2016-10012 AVG-110 Low Yes Insufficient validation
It was found that the shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimizing...
CVE-2016-10011 AVG-110 Low No Information disclosure
It was found that there is a theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such...
CVE-2016-10010 AVG-110 Medium No Privilege escalation
It was found that when privilege separation was disabled in OpenSSH, forwarded Unix-domain sockets would be created by sshd with root privileges instead of...
CVE-2016-10009 AVG-110 Medium No Arbitrary code execution
It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a...

Advisories

Date Advisory Group Severity Description
22 Dec 2016 ASA-201612-20 AVG-110 Medium multiple issues