==========================================================================
Ubuntu Security Notice USN-2145-1
March 12, 2014
libssh vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
Summary:
A security issue was fixed in libssh.
Software Description:
– libssh: A tiny C SSH library
Details:
Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to
be reused when implementing forking servers. This could allow an attacker
to possibly obtain information about the state of the PRNG and perform
cryptographic attacks.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libssh-4 0.5.4-1ubuntu0.1
Ubuntu 12.10:
libssh-4 0.5.2-1ubuntu0.12.10.3
Ubuntu 12.04 LTS:
libssh-4 0.5.2-1ubuntu0.12.04.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2145-1
CVE-2014-0017
Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.5.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.10.3
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.04.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTIGQ0AAoJEGVp2FWnRL6TCaMP/ifBe6uA5hCWq/pS8AUJiYVl
CCT34mMN7WiywnokfaWMgdXMM//1AeXIcneTNgPUSNoghkA2uaLFns/kt/XBOnrY
T8WJvSW+BFLu3TJAjhBjOdmotXDn+XtSXfMbW41JI0IYOI1njFqMRFjSPV715sW/
/uQflysS0bk2yxptOxc/Lvv9M2SYbnJnJxIqVk6g0S8rxxp6Rc+10bu2qKC50T18
9jN3uC1hKnbzY4hKW1TOt8q9G3TDHafQiINpQbbg2jnuRvp85uGzqWwIC4kfvoQ5
n+NGWK7OobjaWoFqf1n+XWkvaTQBt53XIFuxvAynW6SHn9J0hzeHUFZkfXmMm3QX
aKQNnaJ9DtNVSZJlUXhaH1guALZqnpFFOeJ0L1lgHv1LaWs0VvG2ooL1smBOC6Up
jAbMT4PLdYlUDWMaQfhBqpnrpOUa30nb6WRY5q6l7Pe+sHS3VlMPbPP2/TZA2G8j
8zaFhUqFOeYAxwtR95hhHoT0q7GsOaBr4E4jml10uxIPqM5oXATLODpIWwNX7X/T
WPxjacJ/6l+9mXB0EE+3CPGbbm6sqnzsFhDhFgHO2IJQnnqYzIiBS19MUuX4wflq
FuCA2hcKmbcdWKhKT6ZbAGvKn6hbh8K/CwuakuAfnNnVqBx8PFfEcz+3kUBveJtA
thX1Ael1UaUICN/rTOEg
=mxt+
—–END PGP SIGNATURE—–
—