Root, version 1:7.6p1-4ubuntu0.1 included the fix for CVE-2018-15473. Version 1:7.6p1-4ubuntu0.2 is included in the disc image ubuntu-18.04.2 -server-amd64:
$ sha256sum ubuntu-18.04.2-server-amd64.iso a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5 ubuntu-18.04.2-server-amd64.iso $ bsdtar tf ubuntu-18.04.2-server-amd64.iso | grep openssh pool/main/o/openssh pool/main/o/openssh/openssh-client-udeb_7.6p1-4ubuntu0.2_amd64.udeb pool/main/o/openssh/openssh-client_7.6p1-4ubuntu0.2_amd64.deb pool/main/o/openssh/openssh-server-udeb_7.6p1-4ubuntu0.2_amd64.udeb pool/main/o/openssh/openssh-server_7.6p1-4ubuntu0.2_amd64.deb pool/main/o/openssh/openssh-sftp-server_7.6p1-4ubuntu0.2_amd64.deb pool/main/o/openssh/ssh_7.6p1-4ubuntu0.2_all.deb 1:7.6p1-4ubuntu0.2 includes the fix from 1:7.6p1-4ubuntu0.1 and fixes three more CVEs: - CVE-2018-20685 - CVE-2019-6109 - CVE-2019-6111 During the install, you have the option of downloading and installing updates. These additional updates include openssh version 1:7.6p1-4ubuntu0.3 which includes addition fixes for one CVE: - CVE-2019-6111 Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20685 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6109 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6111 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794629 Title: CVE-2018-15473 - User enumeration vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1794629/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
