USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708)
It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473)
{
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.6p1-4ubuntu0.5"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.6p1-4ubuntu0.5"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.6p1-4ubuntu0.5"
},
{
"binary_name": "ssh",
"binary_version": "1:7.6p1-4ubuntu0.5"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.6p1-4ubuntu0.5"
}
],
"availability": "No subscription required"
}