=========================================================== 
Ubuntu Security Notice USN-612-7               May 20, 2008
openssh update
CVE-2008-0166
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  openssh-server                  1:4.2p1-7ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1.  This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS.  While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.

Original advisory details:

 A weakness has been discovered in the random number generator used
 by OpenSSL on Debian and Ubuntu systems.  As a result of this
 weakness, certain encryption keys are much more common than they
 should be, such that an attacker could guess the key through a
 brute-force attack given minimal knowledge of the system.  This
 particularly affects the use of encryption keys in OpenSSH, OpenVPN
 and SSL certificates.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   182650 398d72f7b781e8e95fc087bf00fdd8d8
          Size/MD5:     1003 9409a4fb78b08993a72b80b75c42fe35
          Size/MD5:   928420 93295701e6bcd76fabd6a271654ed15c

  Architecture independent packages:

          Size/MD5:     1054 707ff475af54c989978b00383e5e5eb4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   166396 64f92a79d3a23aaab66122a6f6296d05
          Size/MD5:   655630 2356bca8d4236579fa5b747319a2afb6
          Size/MD5:   237270 050a4bc996eceb1cd82171bae109da29
          Size/MD5:    87316 f2289dde21d2c4a521c69e2a8b6d83bf
          Size/MD5:   183704 fae5bee4c7713fc89f26f1b829682e6a

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   141116 b35ffe9f7bb2b46a315c6afa39adb735
          Size/MD5:   576684 8b7f2699886085c58544c1ae57de2533
          Size/MD5:   207448 cfcf49b6dbf6c5b5bf6b2e207ec31767
          Size/MD5:    86956 5ec0cb596226b1b13b48387f3874791c
          Size/MD5:   153746 d22536de2913597b80b518d19920e616

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   160082 b46a74f2d932afdd504b66ab8338a4a2
          Size/MD5:   641064 f5a2eef8f2e15981c75da97d3b7483a5
          Size/MD5:   228264 53ee26d4852f85388c4871212b4c60ca
          Size/MD5:    88590 6f2ab1c679612b45f29f635aeef27ef3
          Size/MD5:   168906 d1c6dee5d716a7ab367d4737d17396f8

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   150316 8d74f69f08666fde4bcad1efec13fb00
          Size/MD5:   584014 faa90e6f4211e484480a008ea7bbe082
          Size/MD5:   210494 59eb147b73bcfc2bcc2dfe14216ad566
          Size/MD5:    86968 1ad9475a33d64780765489cafd84731a
          Size/MD5:   163226 8d3e4af7465d8d4f1b39b510f6638754

Ubuntu: OpenSSH update

May 20, 2008
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-612-7 May 20, 2008

Package Information

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved