Package        : openssh
Version        : 1:6.7p1-5+deb8u7
Debian Bug     : 908652


The security update of OpenSSH announced as DLA 1500-1 introduced a bug in
openssh-client: when X11 forwarding is enabled (via system-wide
configuration in ssh_config or via -X command line switch), but no DISPLAY
is set, the client produces a "DISPLAY "(null)" invalid; disabling X11
forwarding" warning. These bug was introduced by the patch set to fix the
CVE-2016-1908 issue. For reference, the following is the relevant section
of the original announcement:

CVE-2016-1908

    OpenSSH mishandled untrusted X11 forwarding when the X server disables
    the SECURITY extension. Untrusted connections could obtain trusted X11
    forwarding privileges. Reported by Thomas Hoger.

For Debian 8 "Jessie", this problem has been fixed in version
1:6.7p1-5+deb8u7.

We recommend that you upgrade your openssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-1500-2: openssh regression update

September 12, 2018
The security update of OpenSSH announced as DLA 1500-1 introduced a bug in openssh-client: when X11 forwarding is enabled (via system-wide configuration in ssh_config or via -X com...

Summary

CVE-2016-1908

OpenSSH mishandled untrusted X11 forwarding when the X server disables
the SECURITY extension. Untrusted connections could obtain trusted X11
forwarding privileges. Reported by Thomas Hoger.

For Debian 8 "Jessie", this problem has been fixed in version
1:6.7p1-5+deb8u7.

We recommend that you upgrade your openssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity 
Package        : openssh
Version : 1:6.7p1-5+deb8u7
Debian Bug : 908652

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved