[USN-612-7] OpenSSH update
Date: Tue, 20 May 2008 07:00:27 -0700
From: Kees Cook <kees@ubuntu.com.>
Message-ID: <20080520140027.GZ12850@outflux.net.>
Organization: Ubuntu
===========================================================
Ubuntu Security Notice USN-612-7               May 20, 2008
openssh update
CVE-2008-0166
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  openssh-server 1:4.2p1-7ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1. This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.

Original advisory details:

 A weakness has been discovered in the random number generator used
 by OpenSSL on Debian and Ubuntu systems. As a result of this
 weakness, certain encryption keys are much more common than they
 should be, such that an attacker could guess the key through a
 brute-force attack given minimal knowledge of the system. This
 particularly affects the use of encryption keys in OpenSSH, OpenVPN
 and SSL certificates.

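The mitigation described above, rejecting known-weak keys by fingerprint, can be illustrated with a small audit of an authorized_keys file. This is an added example, not code from the advisory or from OpenSSH; the blocklist format (a set of full MD5 fingerprints), the helper names and all sample keys are constructed assumptions.

```python
import base64, hashlib, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # key types checked in this sketch

def _string(data):
    return struct.pack(">I", len(data)) + data  # SSH length-prefixed string

def rsa_blob(e, n):
    """Encode an ssh-rsa public key blob; used only to build the constructed sample."""
    def mpint(x):
        return _string(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    return _string(b"ssh-rsa") + mpint(e) + mpint(n)

def fingerprint(line):
    """Return (key_type, md5_hex) for one authorized_keys line, or None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # options may precede the key type
        if field in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None  # malformed base64: not a usable key
            if not blob.startswith(_string(field.encode())):
                return None  # type embedded in the blob must match the text field
            return field, hashlib.md5(blob).hexdigest()
    return None

def audit(text, blocked):
    """Return [(line_no, key_type, md5_hex)] for keys whose fingerprint is blocklisted."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            parsed = fingerprint(line)
            if parsed and parsed[1] in blocked:
                hits.append((no, *parsed))
    return hits

# Constructed sample data: toy moduli, not real keys or real blocklist entries.
WEAK = base64.b64encode(rsa_blob(65537, 0xC0FFEE * 2**40 + 1)).decode()
GOOD = base64.b64encode(rsa_blob(65537, 0xDECAF * 2**40 + 3)).decode()
BLOCKED = {hashlib.md5(base64.b64decode(WEAK)).hexdigest()}
SAMPLE = "\n".join([
    f"ssh-rsa {GOOD} alice@laptop",
    f'command="/usr/bin/backup",no-pty ssh-rsa {WEAK} backup@oldhost',
    "ssh-rsa not-base64!! broken@entry",
])
if __name__ == "__main__":
    print(audit(SAMPLE, BLOCKED))  # entries to remove and reissue
```

Any key the audit flags should be removed from the file and replaced with one generated on a patched system.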
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.4.diff.gz
Size/MD5: 182650 398d72f7b781e8e95fc087bf00fdd8d8
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.4.dsc
Size/MD5: 1003 9409a4fb78b08993a72b80b75c42fe35
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1.orig.tar.gz
Size/MD5: 928420 93295701e6bcd76fabd6a271654ed15c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.2p1-7ubuntu3.4_all.deb
Size/MD5: 1054 707ff475af54c989978b00383e5e5eb4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_amd64.udeb
Size/MD5: 166396 64f92a79d3a23aaab66122a6f6296d05
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_amd64.deb
Size/MD5: 655630 2356bca8d4236579fa5b747319a2afb6
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_amd64.deb
Size/MD5: 237270 050a4bc996eceb1cd82171bae109da29
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_amd64.deb
Size/MD5: 87316 f2289dde21d2c4a521c69e2a8b6d83bf
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_amd64.udeb
Size/MD5: 183704 fae5bee4c7713fc89f26f1b829682e6a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_i386.udeb
Size/MD5: 141116 b35ffe9f7bb2b46a315c6afa39adb735
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_i386.deb
Size/MD5: 576684 8b7f2699886085c58544c1ae57de2533
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_i386.deb
Size/MD5: 207448 cfcf49b6dbf6c5b5bf6b2e207ec31767
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_i386.deb
Size/MD5: 86956 5ec0cb596226b1b13b48387f3874791c
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_i386.udeb
Size/MD5: 153746 d22536de2913597b80b518d19920e616
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_powerpc.udeb
Size/MD5: 160082 b46a74f2d932afdd504b66ab8338a4a2
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_powerpc.deb
Size/MD5: 641064 f5a2eef8f2e15981c75da97d3b7483a5
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_powerpc.deb
Size/MD5: 228264 53ee26d4852f85388c4871212b4c60ca
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_powerpc.deb
Size/MD5: 88590 6f2ab1c679612b45f29f635aeef27ef3
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_powerpc.udeb
Size/MD5: 168906 d1c6dee5d716a7ab367d4737d17396f8
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.4_sparc.udeb
Size/MD5: 150316 8d74f69f08666fde4bcad1efec13fb00
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.4_sparc.deb
Size/MD5: 584014 faa90e6f4211e484480a008ea7bbe082
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.4_sparc.deb
Size/MD5: 210494 59eb147b73bcfc2bcc2dfe14216ad566
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.4_sparc.deb
Size/MD5: 86968 1ad9475a33d64780765489cafd84731a
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.4_sparc.udeb
Size/MD5: 163226 8d3e4af7465d8d4f1b39b510f6638754