Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-612-7: OpenSSH update

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-612-7: OpenSSH update
# 1  
Old 05-20-2008
USN-612-7: OpenSSH update
Referenced CVEs:
CVE-2008-0166


Description:
=========================================================== Ubuntu Security Notice USN-612-7 May 20, 2008 openssh update CVE-2008-0166 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssh-server 1:4.2p1-7ubuntu3.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

net::cli::interact::transport::ssh

Net::CLI::Interact::Transport::SSH(3pm) 		User Contributed Perl Documentation		   Net::CLI::Interact::Transport::SSH(3pm)

NAME

       Net::CLI::Interact::Transport::SSH - SSH based CLI connection

VERSION

       version 1.121640

DECRIPTION

       This module provides a wrapped instance of an SSH client for use by Net::CLI::Interact.

INTERFACE

   app
       On Windows platforms you must download the "plink.exe" program, and pass its location to the library in this parameter. On other platforms,
       this defaults to "ssh" (openssh).

   runtime_options
       Based on the "connect_options" hash provided to Net::CLI::Interact on construction, selects and formats parameters to provide to "app" on
       the command line. Supported attributes:

       host (required)
	   Host name or IP address of the host to which the SSH application is to connect. Alternatively you can pass a value of the form
	   "user@host", but it's probably better to use the separate "username" parameter instead.

       username
	   Optionally pass in the username for the SSH connection, otherwise the SSH client defaults to the current user's username. When using
	   this option, you should obviously only pass the host name to "host".

       ignore_host_checks
	   Under normal interactive use "openssh" tracks the identity of connected hosts and verifies these identities upon each connection. In
	   automation this behaviour can be irritating because it is interactive.

	   This option, enabled by default, causes "openssh" to skip or ignore this host identity verification. This means the default setting is
	   less secure, but also less likely to trip you up. It is equivalent to the following:

	    StrictHostKeyChecking=no
	    UserKnownHostsFile=/dev/null
	    CheckHostIP=no

	   Pass a false value to this option to disable the above and return "openssh" to its default configured settings.

       opts
	   If you want to pass any other options to openssh on its command line, then use this option, which should be an array reference. Each
	   item in the list will be passed to "openssh", separated by a single space character. For example:

	    $s->new({
		# ...other parameters to new()...
		connect_options => {
		    opts => [
			'-p', '222',		# connect to non-standard port on remote host
			'-o', 'CheckHostIP=no', # don't check host IP in known_hosts file
		    ],
		},
	    });

       reap
	   Only used on Unix platforms, this installs a signal handler which attempts to reap the "ssh" child process. Pass a true value to enable
	   this feature only if you notice zombie processes are being left behind after use.

COMPOSITION

       See the following for further interface details:

       o   Net::CLI::Interact::Transport

AUTHOR

       Oliver Gorwits <oliver@cpan.org>

COPYRIGHT AND LICENSE

       This software is copyright (c) 2012 by Oliver Gorwits.

       This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

perl v5.14.2							    2012-06-12				   Net::CLI::Interact::Transport::SSH(3pm)