Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Ubuntu 15.04, 14.04 LTS, 12.04 LTS: OpenSSH Threats Update

Calendar Aug 14, 2015 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory remote access threat mitigation authentication openssh ubuntu user impersonation
Several security issues were fixed in OpenSSH. 
=========================================================================Ubuntu Security Notice USN-2710-1
August 14, 2015

openssh vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when
using PAM authentication. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)

Moritz Jodeit discovered that OpenSSH incorrectly handled context memory
when using PAM authentication. If an additional vulnerability were
discovered in the OpenSSH unprivileged child process, this issue could
allow a remote attacker to bypass authentication or possibly execute
arbitrary code. (CVE number pending)

Jann Horn discovered that OpenSSH incorrectly handled time windows for
X connections. A remote attacker could use this issue to bypass certain
access restrictions. (CVE-2015-5352)

It was discovered that OpenSSH incorrectly handled keyboard-interactive
authentication. In a non-default configuration, a remote attacker could
possibly use this issue to perform a brute-force password attack.
(CVE-2015-5600)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  openssh-server                  1:6.7p1-5ubuntu1.2

Ubuntu 14.04 LTS:
  openssh-server                  1:6.6p1-2ubuntu2.2

Ubuntu 12.04 LTS:
  openssh-server                  1:5.9p1-5ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2710-1
  CVE-2015-5352, CVE-2015-5600

Package Information:
  https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubuntu1.2
  https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.2
  https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.6

Ubuntu 15.04, 14.04 LTS, 12.04 LTS: OpenSSH Threats Update

ubuntu
Calendar Grey August 14, 2015
Dist Ubuntu Esm H88
Addressed multiple OpenSSH security flaws in Ubuntu distributions to maintain robust defenses against external threats.
Several security issues were fixed in OpenSSH.

Summary

Topics%20covered

Topics Covered

security advisory remote access threat mitigation authentication openssh ubuntu user impersonation

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: openssh-server 1:6.7p1-5ubuntu1.2 Ubuntu 14.04 LTS: openssh-server 1:6.6p1-2ubuntu2.2 Ubuntu 12.04 LTS: openssh-server 1:5.9p1-5ubuntu1.6 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2710-1

CVE-2015-5352, CVE-2015-5600

Severity
important
Lowest
Low
Medium
High
Critical

August 14, 2015

Topics%20covered

Topics Covered

security advisory remote access threat mitigation authentication openssh ubuntu user impersonation

Package Information

https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubuntu1.2 https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.2 https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here