Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 24.04 LTS USN-6887-1: OpenSSH Critical Timing Exposure

ubuntu
Calendar Grey July 9, 2024
Dist Ubuntu Esm H88
A critical OpenSSH flaw can allow remote attackers to exploit timing info, compromising data confidentiality. All users must update to mitigate this risk
OpenSSH could be made to expose timing information over the network.

Summary

OpenSSH could be made to expose timing information over the network.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair

Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did

not work as expected. A remote attacker could possibly use this issue to

determine timing information about keystrokes.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   openssh-client                  1:9.6p1-3ubuntu13.4
   openssh-server                  1:9.6p1-3ubuntu13.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6887-1

CVE-2024-39894

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6887-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here