LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: OpenSSH update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. Original advisory details:
=========================================================== 
Ubuntu Security Notice USN-612-7               May 20, 2008
openssh update
CVE-2008-0166
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  openssh-server                  1:4.2p1-7ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1.  This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS.  While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.

Original advisory details:

 A weakness has been discovered in the random number generator used
 by OpenSSL on Debian and Ubuntu systems.  As a result of this
 weakness, certain encryption keys are much more common than they
 should be, such that an attacker could guess the key through a
 brute-force attack given minimal knowledge of the system.  This
 particularly affects the use of encryption keys in OpenSSH, OpenVPN
 and SSL certificates.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.4.diff.gz
      Size/MD5:   182650 398d72f7b781e8e95fc087bf00fdd8d8
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.4.dsc
      Size/MD5:     1003 9409a4fb78b08993a72b80b75c42fe35
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1.orig.tar.gz
      Size/MD5:   928420 93295701e6bcd76fabd6a271654ed15c

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.2p1-7ubuntu3.4_all.deb
      Size/MD5:     1054 707ff475af54c989978b00383e5e5eb4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_amd64.udeb
      Size/MD5:   166396 64f92a79d3a23aaab66122a6f6296d05
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_amd64.deb
      Size/MD5:   655630 2356bca8d4236579fa5b747319a2afb6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_amd64.deb
      Size/MD5:   237270 050a4bc996eceb1cd82171bae109da29
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_amd64.deb
      Size/MD5:    87316 f2289dde21d2c4a521c69e2a8b6d83bf
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_amd64.udeb
      Size/MD5:   183704 fae5bee4c7713fc89f26f1b829682e6a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_i386.udeb
      Size/MD5:   141116 b35ffe9f7bb2b46a315c6afa39adb735
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_i386.deb
      Size/MD5:   576684 8b7f2699886085c58544c1ae57de2533
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_i386.deb
      Size/MD5:   207448 cfcf49b6dbf6c5b5bf6b2e207ec31767
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_i386.deb
      Size/MD5:    86956 5ec0cb596226b1b13b48387f3874791c
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_i386.udeb
      Size/MD5:   153746 d22536de2913597b80b518d19920e616

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_powerpc.udeb
      Size/MD5:   160082 b46a74f2d932afdd504b66ab8338a4a2
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_powerpc.deb
      Size/MD5:   641064 f5a2eef8f2e15981c75da97d3b7483a5
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_powerpc.deb
      Size/MD5:   228264 53ee26d4852f85388c4871212b4c60ca
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_powerpc.deb
      Size/MD5:    88590 6f2ab1c679612b45f29f635aeef27ef3
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_powerpc.udeb
      Size/MD5:   168906 d1c6dee5d716a7ab367d4737d17396f8

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_sparc.udeb
      Size/MD5:   150316 8d74f69f08666fde4bcad1efec13fb00
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_sparc.deb
      Size/MD5:   584014 faa90e6f4211e484480a008ea7bbe082
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_sparc.deb
      Size/MD5:   210494 59eb147b73bcfc2bcc2dfe14216ad566
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_sparc.deb
      Size/MD5:    86968 1ad9475a33d64780765489cafd84731a
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_sparc.udeb
      Size/MD5:   163226 8d3e4af7465d8d4f1b39b510f6638754


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.