Comment 19 for bug 1794629

Root, version 1:7.6p1-4ubuntu0.1 included the fix for CVE-2018-15473.

Version 1:7.6p1-4ubuntu0.2 is included in the disc image ubuntu-18.04.2-server-amd64:

$ sha256sum ubuntu-18.04.2-server-amd64.iso
a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5 ubuntu-18.04.2-server-amd64.iso
$ bsdtar tf ubuntu-18.04.2-server-amd64.iso | grep openssh
pool/main/o/openssh
pool/main/o/openssh/openssh-client-udeb_7.6p1-4ubuntu0.2_amd64.udeb
pool/main/o/openssh/openssh-client_7.6p1-4ubuntu0.2_amd64.deb
pool/main/o/openssh/openssh-server-udeb_7.6p1-4ubuntu0.2_amd64.udeb
pool/main/o/openssh/openssh-server_7.6p1-4ubuntu0.2_amd64.deb
pool/main/o/openssh/openssh-sftp-server_7.6p1-4ubuntu0.2_amd64.deb
pool/main/o/openssh/ssh_7.6p1-4ubuntu0.2_all.deb

1:7.6p1-4ubuntu0.2 includes the fix from 1:7.6p1-4ubuntu0.1 and fixes three more CVEs:
- CVE-2018-20685
- CVE-2019-6109
- CVE-2019-6111

During the install, you have the option of downloading and installing updates. These additional updates include openssh version 1:7.6p1-4ubuntu0.3 which includes addition fixes for one CVE:
- CVE-2019-6111

Thanks