---

Canonical Patches Multiple OpenSSH Vulnerabilities in Supported Ubuntu OSes

The first security issue (CVE-2015-8325) was discovered by Shayan Sadigh in the way OpenSSH handles environment files, which failed to work correctly when the UseLogin feature was enabled, allowing a local attacker to gain root access. The second vulnerability (CVE-2016-1907), affecting only Ubuntu 15.10 users, was discovered by Ben Hawkes in the way OpenSSH handles the network traffic, which could have allowed a remote attacker to crash the OpenSSH server and cause a denial of service.

The third security flaw (CVE-2016-1908) was discovered by Thomas Hoger in the way OpenSSH handles untrusted X11 forwarding data, which failed to work correctly when the SECURITY extension was disabled. Because of this, an untrusted connection could be easily passed as a trusted one. Lastly, the fourth vulnerability (CVE-2016-3115) was also discovered in the way OpenSSH handles untrusted X11 forwarding data, which could have allowed a remote authenticated attacker to bypass certain intended command restrictions.