Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 20.04 LTS USN-6279-1 Moderate: OpenSSH Information Leak

ubuntu
Calendar Grey August 9, 2023
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-6280-1 outlines a significant vulnerability correction in OpenSSH, which targets a data exposure issue across various supported Ubuntu versions.
A hardening measure was added to OpenSSH.

Summary

A hardening measure was added to OpenSSH.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

It was discovered that OpenSSH has an observable discrepancy leading to an

information leak in the algorithm negotiation. This update mitigates the

issue by tweaking the client hostkey preference ordering algorithm to

prefer the default ordering if the user has a key that matches the

best-preference default algorithm.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  openssh-client                  1:8.2p1-4ubuntu0.9

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  openssh-client                  1:7.6p1-4ubuntu0.7+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  openssh-client                  1:7.2p2-4ubuntu2.10+esm4

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  openssh-client                  1:6.6p1-2ubuntu2.13+esm2

In general, a standard system update will make all the necessary changes.

References

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2030275

Ubuntu Security Notice USN-6279-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here