Ubuntu alert USN-2869-1 (openssh)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-2869-1] OpenSSH vulnerabilities | |
| Date: | Thu, 14 Jan 2016 10:54:09 -0500 | |
| Message-ID: | <5697C4A1.6020407@canonical.com> |
========================================================================== Ubuntu Security Notice USN-2869-1 January 14, 2016 openssh vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: OpenSSH could be made to expose sensitive information over the network. Software Description: - openssh: secure shell (SSH) for secure access to remote machines Details: It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: openssh-client 1:6.9p1-2ubuntu0.1 Ubuntu 15.04: openssh-client 1:6.7p1-5ubuntu1.4 Ubuntu 14.04 LTS: openssh-client 1:6.6p1-2ubuntu2.4 Ubuntu 12.04 LTS: openssh-client 1:5.9p1-5ubuntu1.8 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2869-1 CVE-2016-0777, CVE-2016-0778 Package Information: https://launchpad.net/ubuntu/+source/openssh/1:6.9p1-2ubu... https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubu... https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubu... https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubu... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...