
Debian: DSA-1576-1 Critical OpenSSH Randomness Attack Mitigated

May 14, 2008
Jan Pechanec discovered that ssh falls back to creating a trusted X11 cookie if creating an untrusted cookie fails, potentially exposing the local display to a malicious...

Summary


This update contains a dependency on the openssl update and will
automatically install a corrected version of the libssl0.9.8 package,
and a new package openssh-blacklist.

Once the update is applied, weak user keys will be automatically
rejected where possible (though they cannot be detected in all
cases). If you are using such keys for user authentication, they
will immediately stop working and will need to be replaced (see
step 3).

OpenSSH host keys can be automatically regenerated when the OpenSSH
security update is applied. The update will prompt for confirmation
before taking this step.

2. Update OpenSSH known_hosts files

The regeneration of host keys will cause a warning to be displayed when
connecting to the system using SSH until the host key is updated in the
known_hosts file. The warning will look like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGE...
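
One way to list the known_hosts entries that a host key regeneration invalidates, including hashed (HashKnownHosts) entries, so they can be reviewed before the new key is accepted. This is an added example, not part of the advisory; the host name server.example, the key blobs and the function names are constructed for illustration, and fingerprints use the SHA256 style printed by current OpenSSH.

```python
import base64
import hashlib
import hmac

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain or hashed form)."""
    if field.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, unpadded like ssh-keygen -l."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def stale_entries(known_hosts_text, host, new_pubkey_line):
    """Return (line_no, old_fingerprint) for entries of `host` that hold a
    key of the same type as the new host key but a different key blob."""
    new_type, new_key = new_pubkey_line.split()[:2]
    stale = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @marker lines (e.g. @revoked).
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue
        hosts, ktype, key = parts[:3]
        if ktype == new_type and host_matches(hosts, host) and key != new_key:
            stale.append((n, fingerprint(key)))
    return stale

def demo():
    # Constructed sample data: the key blobs are placeholders, not real keys.
    old = base64.b64encode(b"constructed-old-host-key").decode()
    new = base64.b64encode(b"constructed-new-host-key").decode()
    salt = b"constructed-salt-20b"
    mac = hmac.new(salt, b"server.example", hashlib.sha1).digest()
    hashed = "|1|%s|%s" % (base64.b64encode(salt).decode(),
                           base64.b64encode(mac).decode())
    known_hosts = "\n".join([
        "server.example,192.0.2.10 ssh-rsa " + old,  # stale, plain host
        hashed + " ssh-rsa " + old,                  # stale, hashed host
        "other.example ssh-rsa " + old,              # different host
        "server.example ssh-rsa " + new,             # already updated
    ])
    return stale_entries(known_hosts, "server.example", "ssh-rsa " + new + " root@server")

if __name__ == "__main__":
    for line_no, fp in demo():
        print("line %d holds superseded key %s" % (line_no, fp))
```

After the new host key fingerprint has been confirmed over a trusted channel, `ssh-keygen -R server.example` removes the superseded entries.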


Severity
critical