Information on source package openssh

Available versions

| Release | Version |
|---|---|
| jessie | 1:6.7p1-5+deb8u10 |
| stretch | 1:7.4p1-10+deb9u9 |
| stretch (security) | 1:7.4p1-10+deb9u6 |
| buster | 1:7.9p1-10+deb10u4 |
| bullseye | 1:8.4p1-5+deb11u3 |
| bookworm | 1:9.2p1-2+deb12u3 |
| trixie | 1:9.9p1-3 |
| sid | 1:9.9p1-3 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48795 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
| CVE-2016-8858 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-51767 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH through 9.6, when common types of DRAM are used, might allow r ... |
| CVE-2021-36368 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | An issue was discovered in OpenSSH before 8.9. If a client is using pu ... |
| CVE-2020-15778 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | scp in OpenSSH through 8.3p1 allows command injection in the scp.c tor ... |
| CVE-2020-14145 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ... |
| CVE-2020-12062 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to ... |
| CVE-2019-16905 | fixed | fixed | vulnerable | fixed | fixed | fixed | fixed | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ... |
| CVE-2019-6110 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr outpu ... |
| CVE-2018-15919 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ... |
| CVE-2016-20012 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH through 8.7 allows remote attackers, who have a suspicion that ... |
| CVE-2016-10010 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | sshd in OpenSSH before 7.4, when privilege separation is not used, cre ... |
| CVE-2008-3234 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ... |
| CVE-2007-2768 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ... |
| CVE-2007-2243 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2024-39894 | OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks aga ... |
| CVE-2024-7589 | A signal handler in sshd(8) may call a logging function that is not as ... |
| CVE-2024-6409 | A race condition vulnerability was discovered in how signals are handl ... |
| CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's serv ... |
| CVE-2023-51385 | In ssh in OpenSSH before 9.6, OS command injection might occur if a us ... |
| CVE-2023-51384 | In ssh-agent in OpenSSH before 9.6, certain destination constraints ca ... |
| CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insuff ... |
| CVE-2023-28531 | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ... |
| CVE-2023-25136 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ... |
| CVE-2021-41617 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ... |
| CVE-2021-28041 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ... |
| CVE-2019-6111 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation ... |
| CVE-2019-6109 | An issue was discovered in OpenSSH 7.9. Due to missing character encod ... |
| CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ... |
| CVE-2018-15473 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ... |
| CVE-2017-15906 | The process_open function in sftp-server.c in OpenSSH before 7.6 does ... |
| CVE-2016-10708 | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial o ... |
| CVE-2016-10012 | The shared memory manager (associated with pre-authentication compress ... |
| CVE-2016-10011 | authfile.c in sshd in OpenSSH before 7.4 does not properly consider th ... |
| CVE-2016-10009 | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in Ope ... |
| CVE-2016-6515 | The auth_password function in auth-passwd.c in sshd in OpenSSH before ... |
| CVE-2016-6210 | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ... |
| CVE-2016-3115 | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSS ... |
| CVE-2016-1908 | The client in OpenSSH before 7.2 mishandles failed cookie generation f ... |
| CVE-2016-1907 | The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 ... |
| CVE-2016-0778 | The (1) roaming_read and (2) roaming_write functions in roaming_common ... |
| CVE-2016-0777 | The resend_bytes function in roaming_common.c in the client in OpenSSH ... |
| CVE-2015-8325 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p ... |
| CVE-2015-6565 | sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY de ... |
| CVE-2015-6564 | Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ... |
| CVE-2015-6563 | The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD pla ... |
| CVE-2015-5600 | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ... |
| CVE-2015-5352 | The x11_open_helper function in channels.c in ssh in OpenSSH before 6. ... |
| CVE-2014-9278 | The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 a ... |
| CVE-2014-8475 | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos suppo ... |
| CVE-2014-2653 | The verify_host_key function in sshconnect.c in the client in OpenSSH ... |
| CVE-2014-2532 | sshd in OpenSSH before 6.6 does not properly support wildcards on Acce ... |
| CVE-2014-1692 | The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Mak ... |
| CVE-2013-4548 | The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ... |
| CVE-2012-0814 | The auth_parse_options function in auth-options.c in sshd in OpenSSH b ... |
| CVE-2011-5000 | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and e ... |
| CVE-2011-4327 | ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platfo ... |
| CVE-2011-0539 | The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, ... |
| CVE-2010-5107 | The default configuration of OpenSSH through 6.1 enforces a fixed time ... |
| CVE-2010-4478 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly val ... |
| CVE-2009-2904 | A certain Red Hat modification to the ChrootDirectory feature in OpenS ... |
| CVE-2008-5161 | Error handling in the SSH protocol in (1) SSH Tectia Client and Server ... |
| CVE-2008-4109 | A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ... |
| CVE-2008-3259 | OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11Use ... |
| CVE-2008-2285 | The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ... |
| CVE-2008-1657 | OpenSSH 4.4 up to versions before 4.9 allows remote authenticated user ... |
| CVE-2008-1483 | OpenSSH 4.3p2, and probably other versions, allows local users to hija ... |
| CVE-2008-0166 | OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operat ... |
| CVE-2007-4752 | ssh in OpenSSH before 4.7 does not properly handle when an untrusted c ... |
| CVE-2007-3102 | Unspecified vulnerability in the linux_audit_record_event function in ... |
| CVE-2006-5794 | Unspecified vulnerability in the sshd Privilege Separation Monitor in ... |
| CVE-2006-5052 | Unspecified vulnerability in portable OpenSSH before 4.4, when running ... |
| CVE-2006-5051 | Signal handler race condition in OpenSSH before 4.4 allows remote atta ... |
| CVE-2006-4925 | packet.c in ssh in OpenSSH allows remote attackers to cause a denial o ... |
| CVE-2006-4924 | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, all ... |
| CVE-2006-0883 | OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not prope ... |
| CVE-2006-0225 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands vi ... |
| CVE-2005-2798 | sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ... |
| CVE-2005-2797 | OpenSSH 4.0, and other versions before 4.2, does not properly handle d ... |
| CVE-2005-2666 | SSH, as implemented in OpenSSH before 4.0 and possibly other implement ... |
| CVE-2004-2760 | sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately c ... |
| CVE-2004-2069 | sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, whe ... |
| CVE-2004-1653 | The default configuration for OpenSSH enables AllowTcpForwarding, whic ... |
| CVE-2004-0175 | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allo ... |
| CVE-2003-1562 | sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ... |
| CVE-2003-1119 | SSH Secure Shell before 3.2.9 allows remote attackers to cause a denia ... |
| CVE-2003-0787 | The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ... |
| CVE-2003-0786 | The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3. ... |
| CVE-2003-0695 | Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ... |
| CVE-2003-0693 | A "buffer management error" in buffer_append_space of buffer.c for Ope ... |
| CVE-2003-0682 | "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a dif ... |
| CVE-2003-0386 | OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ... |
| CVE-2003-0190 | OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enable ... |
| CVE-2002-1715 | SSH 1 through 3, and possibly other versions, allows local users to by ... |
| CVE-2002-1360 | Multiple SSH2 servers and clients do not properly handle strings with ... |
| CVE-2002-1359 | Multiple SSH2 servers and clients do not properly handle large packets ... |
| CVE-2002-1358 | Multiple SSH2 servers and clients do not properly handle lists with em ... |
| CVE-2002-1357 | Multiple SSH2 servers and clients do not properly handle packets or da ... |
| CVE-2002-0765 | sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ... |
| CVE-2002-0640 | Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ... |
| CVE-2002-0639 | Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote at ... |
| CVE-2001-1585 | SSH protocol 2 (aka SSH-2) public key authentication in the developmen ... |
| CVE-2001-1507 | OpenSSH before 3.0.1 with Kerberos V enabled does not properly authent ... |
| CVE-2001-1459 | OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication M ... |
| CVE-2000-0992 | Directory traversal vulnerability in scp in sshd 1.2.xx allows a remot ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-5724-1 | openssh - security update |
| ELA-1055-1 | openssh - security update |
| ELA-1038-1 | openssh - security update |
| DLA-3694-1 | openssh - security update |
| DSA-5586-1 | openssh - security update |
| ELA-925-1 | openssh - security update |
| DLA-3532-1 | openssh - security update |
| DSA-4539-2 | openssh - regression update |
| DLA-1728-1 | openssh - security update |
| ELA-94-1 | openssh - security update |
| DSA-4387-2 | openssh - security update |
| DSA-4387-1 | openssh - security update |
| ELA-37-2 | openssh - regression update |
| ELA-37-1 | openssh - security update |
| DLA-1500-2 | openssh - regression update |
| DLA-1500-1 | openssh - security update |
| DSA-4280-1 | openssh - security update |
| DLA-1474-1 | openssh - security update |
| DLA-1257-1 | openssh - security update |
| DLA-594-1 | openssh - security update |
| DLA-578-1 | openssh - security update |
| DSA-3626-1 | openssh - security update |
| DSA-3550-1 | openssh - security update |
| DSA-3446-1 | openssh - security update |
| DLA-387-1 | openssh - security update |
| DLA-288-2 | openssh - regression update |
| DLA-288-1 | openssh - security update |
| DSA-2894-1 | openssh - security update |
| DSA-1638-1 | openssh - denial of service |
| DSA-1576-1 | openssh openssh-blacklist - predictable randomness |
| DSA-1212 | openssh |
| DSA-382 | ssh - possible remote vulnerability |
