Ubuntu: openssh vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-355-1           October 02, 2006
openssh vulnerabilities
CVE-2006-4924, CVE-2006-5051
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  openssh-server                           1:3.9p1-1ubuntu2.3

Ubuntu 5.10:
  openssh-server                           1:4.1p1-7ubuntu4.2

Ubuntu 6.06 LTS:
  openssh-server                           1:4.2p1-7ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that the SSH daemon did not properly handle
authentication packets with duplicated blocks. By sending specially
crafted packets, a remote attacker could exploit this to cause the ssh
daemon to drain all available CPU resources until the login grace time
expired. (CVE-2006-4924)

Mark Dowd discovered a race condition in the server's signal handling.
A remote attacker could exploit this to crash the server.
(CVE-2006-5051)


Updated packages for Ubuntu 5.04:

  Source archives:

          Size/MD5:   143243 ee5b491cf023e53b4991fe319da669aa
          Size/MD5:      866 237dcc91dde3201ba0bc5b9372654708
          Size/MD5:   832804 530b1dcbfe7a4a4ce4959c0775b85a5a

  Architecture independent packages:

          Size/MD5:    31312 a25012353606283dbae09b56dc60f1bb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   166846 b0507203d786efa365cef305acc0b790
          Size/MD5:   544562 4464ce148432194666a3fd7fae5b884f
          Size/MD5:   179290 2774b437173889390312fab14a0d9edf
          Size/MD5:   279624 deb54b320447ab79b8d8fb351c04960d
          Size/MD5:    62924 083fd0c899ed8c0c088f6f659d2fd017

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   139452 31deaca18b94b27d52c1870d86810db4
          Size/MD5:   492810 8df816ca89945adc93e80d49f53aebe6
          Size/MD5:   149160 632d59e71b6a3f5aab50e4cfd3842442
          Size/MD5:   256218 5f9791afb335d57cd1a830c1e886ee08
          Size/MD5:    62512 9f21ce3a1134980ec47c1e99cf62ff61

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   159886 447da8535b3b4c0b85fefd44e01f4c4d
          Size/MD5:   541254 8d16c7e18fef84ab8f6a435c8c988b93
          Size/MD5:   163428 e0ca6e79f907c35e2c32e515b8e808dd
          Size/MD5:   273640 c8e00fcbe413ac902ccc4dca508572f2
          Size/MD5:    64092 a88a46209fac664959c35b36fb93066e

Updated packages for Ubuntu 5.10:

  Source archives:

          Size/MD5:   158624 fc0f2620cc3fc07ad4ea050b675e5f1b
          Size/MD5:      971 cd61da4d0742c684aaf90b8390252818
          Size/MD5:   909689 3709109adf0b82176668b3d3478dd033

  Architecture independent packages:

          Size/MD5:     1050 d520acb54639c9b900b973c08e1a5fe8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   162614 0e4e07c663d0f33f3fd73a0b6c2e433a
          Size/MD5:   584852 bb1ac6382aa349a7bea3cccf0948117e
          Size/MD5:   179490 a1bccf78a412d6799d25f0ca73ab4623
          Size/MD5:   223914 ec3d782f9c3b88c97cea3b928e458fea
          Size/MD5:    78228 02951ff37cc638222a067c77b808523d

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   138272 3a49a90c6f6f9f52c775aeecb05caf76
          Size/MD5:   515080 0100950f90ddd99704be28b2c9ff8478
          Size/MD5:   149782 c89f7310123da769a7eec86d6ba72a6a
          Size/MD5:   195292 7cf57e81b03dce633eb56bdc44655c89
          Size/MD5:    77944 15d8e58dd24c85d380432bc3b7a633c7

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   155858 f4f64f9b3de12bfc043661e8e31d090c
          Size/MD5:   569144 baabd24742192f1df2ceb5220d540937
          Size/MD5:   163322 42064b77c600c04ba5441876830a772d
          Size/MD5:   215386 c4360aa642d117f539ff2d1082ae705b
          Size/MD5:    79512 e25ff733bd60854f7a42cfa0c636eb7d

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   147902 13d070c8101686ef53e062c136d609be
          Size/MD5:   524974 c67b3c3cd75b37b9e10d03033e657c7c
          Size/MD5:   158836 a425ab0c6cbc9ae5dd09a4880a36e374
          Size/MD5:   199192 85892b06e6780bba357d9c68ff36e0fd
          Size/MD5:    77982 ab47361323b0a7686fe4fad3639df44d

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   171326 3d966ce050b176961a34c8f14148ef18
          Size/MD5:     1005 acf698bd9a5e848b80343a49b3ab5f5b
          Size/MD5:   928420 93295701e6bcd76fabd6a271654ed15c

  Architecture independent packages:

          Size/MD5:     1056 ff5c9e1bc32aac160738d603fb3c9015

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   165846 e483c01679c325ac0edeb5981cdba060
          Size/MD5:   610616 5a5b73f2d68a90385b2dd70c539cfb4a
          Size/MD5:   182038 bc2c80a21f2afde523a17e311233ebc5
          Size/MD5:   236212 90663453b5c114622627469f4ffd822a
          Size/MD5:    86868 12bbd3d97943ce3751a3186494c31798

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   140068 8873836c923eb3205df376916b0c3669
          Size/MD5:   536704 801dcb0f46badf9ff4376a4484663b00
          Size/MD5:   151544 28e22a72700630c00231c843662ed755
          Size/MD5:   205490 7e5acb93eb0243e1272f1ffed0145112
          Size/MD5:    86476 091d1ca0ef964b1cbc714cb050ef558d

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   158524 ae42600aed557c45556394035eacd10a
          Size/MD5:   593628 29d5510f526ddfa16a138b1d61c1cc75
          Size/MD5:   165942 d5d1c6333c9406b1bf623b4db1c8824a
          Size/MD5:   226264 166b3da3dd64758a38f7731dc0c16703
          Size/MD5:    88152 2860a81b3d8d554f5356bab74573504b

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   149224 5f60da6926ed8b994cdc8dcf42b65088
          Size/MD5:   543560 c9003ef5e14236a26d3b3a7abb25db9f
          Size/MD5:   160664 51e52151d74fd317648700234478e638
          Size/MD5:   208870 6833a77599010cfe464f54bf0290b516
          Size/MD5:    86516 8dac0a82e5edaabfac6f8596a84ff884
Ubuntu: openssh vulnerabilities

Summary

Update Instructions

References

Package Information

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
