|
Find the information you need for your favorite open source distribution
 To browse through our weekly Linux Advisory Watch newsletters, click here.
|
|
|
Posted by Benjamin D. Thomas
|
|
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1. This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.
Original advisory details:
|
|
|
Posted by Benjamin D. Thomas
|
|
USN-612-3 addressed a weakness in OpenSSL certificate and keys
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS and multi-client/server which caused OpenVPN to not start
when using valid SSL certificates.
|
|
|
Posted by Benjamin D. Thomas
|
|
Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys
with options (such as "no-port-forwarding" or forced commands) were
ignored by the new ssh-vulnkey tool introduced in OpenSSH (see
USN-612-2). This could cause some compromised keys not to be
listed in ssh-vulnkey's output.
|
|
|
Posted by Benjamin D. Thomas
|
|
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
|
|
|
Posted by Benjamin D. Thomas
|
|
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH.
|
|
|
Posted by Benjamin D. Thomas
|
|
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates. |
|
|
Posted by Benjamin D. Thomas
|
|
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
|
|
|
<< Start < Prev 1 2 3 Next > End >>
|
| Results 15 - 21 of 324 |
