USN-6560-2 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "openssh-client-ssh1-dbgsym": "1:7.2p2-4ubuntu2.10+esm6", "ssh-askpass-gnome-dbgsym": "1:7.2p2-4ubuntu2.10+esm6", "ssh-askpass-gnome": "1:7.2p2-4ubuntu2.10+esm6", "openssh-client-udeb-dbgsym": "1:7.2p2-4ubuntu2.10+esm6", "openssh-client-ssh1": "1:7.2p2-4ubuntu2.10+esm6", "openssh-client-udeb": "1:7.2p2-4ubuntu2.10+esm6", "ssh-krb5": "1:7.2p2-4ubuntu2.10+esm6", "openssh-server-udeb-dbgsym": "1:7.2p2-4ubuntu2.10+esm6", "openssh-client": "1:7.2p2-4ubuntu2.10+esm6", "openssh-sftp-server": "1:7.2p2-4ubuntu2.10+esm6", "openssh-sftp-server-dbgsym": "1:7.2p2-4ubuntu2.10+esm6", "openssh-server": "1:7.2p2-4ubuntu2.10+esm6", "openssh-server-udeb": "1:7.2p2-4ubuntu2.10+esm6", "openssh-server-dbgsym": "1:7.2p2-4ubuntu2.10+esm6", "ssh": "1:7.2p2-4ubuntu2.10+esm6", "openssh-client-dbgsym": "1:7.2p2-4ubuntu2.10+esm6" } ] }