Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-612-7: OpenSSH update

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-612-7: OpenSSH update
# 1  
Old 05-20-2008
USN-612-7: OpenSSH update
Referenced CVEs:
CVE-2008-0166


Description:
=========================================================== Ubuntu Security Notice USN-612-7 May 20, 2008 openssh update CVE-2008-0166 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssh-server 1:4.2p1-7ubuntu3.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

secpanel

SECPANEL(1)						      General Commands Manual						       SECPANEL(1)

NAME

       secpanel - a Tcl/Tk front-end to ssh and scp

SYNOPSIS

       secpanel

DESCRIPTION

       SecPanel serves as a graphical user interface for managing and running SSH (Secure Shell) and SCP (Secure Copy) connections.

       Note: SecPanel is not a new implementation of the SecureShell protocol or the ssh software-suite.

       SecPanel sits on top of SSH software-suites and supports the SSH.com and the OpenSSH-version.  You may get information about these programs
       at http://www.ssh.com respectively at http://www.openssh.com.

       SecPanel is written entirely in pure Tcl/Tk and does not need any extensions but it requires Version 8.x of Tcl and Tk.

       SecPanel is free software and is released under the conditions of the GNU General Public License.  See the file COPYING and  notes  in  the
       source code for details.

   Features
       Saves  and  manages  profiles of different SecureShell connections.  Gives an ftpclient-like graphical interface/file listing for launching
       SCP-transfers.  Editing of profiles mainly by mouse-clicking.  Gives list of profiles to connect to.   One  list  for  default  connections
       using  a default profile and another list for managing special connections e.g. port-forwarding setups for reading mail.  Management of the
       ssh-agent.  Support for generating and distributing keys for public key authentication.

   Planned Features
       Support for the SSH2 protocol related options, configurations and special features of SSH.com's and OpenSSH's suites.

AUTHOR

       Steffen Leich <secpanel@pingx.net>

SEE ALSO

       ssh(1), scp(1), ssh-askpass(1), ssh-agent(1)

Debian Project							    2002-06-30							       SECPANEL(1)