Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 18.04 LTS USN-3809-1 Critical: OpenSSH Access Control Issues

ubuntu
Calendar Grey November 6, 2018
Dist Ubuntu Esm H88
Address OpenSSH security flaws on Ubuntu platforms using USN-3809-1 patches to boost system safety.
Several security issues were fixed in OpenSSH.

Summary

Several security issues were fixed in OpenSSH.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

Robert Swiecki discovered that OpenSSH incorrectly handled certain

messages. An attacker could possibly use this issue to cause a denial

of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04

LTS. (CVE-2016-10708)

It was discovered that OpenSSH incorrectly handled certain requests.

An attacker could possibly use this issue to access sensitive

information. (CVE-2018-15473)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  openssh-server                  1:7.6p1-4ubuntu0.1

Ubuntu 16.04 LTS:
  openssh-server                  1:7.2p2-4ubuntu2.6

Ubuntu 14.04 LTS:
  openssh-server                  1:6.6p1-2ubuntu2.11

In general, a standard system update will makVe all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3809-1

  CVE-2016-10708, CVE-2018-15473

Severity
critical
Lowest
Low
Medium
High
Critical

November 06, 2018

Package Information

  https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.6
  https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.11

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.