Security: Two problems in OpenSSH
Name: Two problems in OpenSSH
ID: USN-3061-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Date: Mon, 15 August 2016, 19:34
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
Applications: OpenSSH

Original message
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <26871884-db7c-630b-df37-dfd28e120c40@canonical.com>
Subject: [USN-3061-1] OpenSSH vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3061-1
August 15, 2016

openssh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSH.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and enumerate valid users. (CVE-2016-6210)
Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did not limit password lengths. A remote attacker could use this issue to cause OpenSSH to consume resources, leading to a denial of service. (CVE-2016-6515)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: openssh-server 1:7.2p2-4ubuntu2.1
Ubuntu 14.04 LTS: openssh-server 1:6.6p1-2ubuntu2.8
Ubuntu 12.04 LTS: openssh-server 1:5.9p1-5ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3061-1
CVE-2016-6210, CVE-2016-6515

Package Information:
https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.1
https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.8
https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.10