You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa libssh

Sigurnosni nedostatak programskog paketa libssh

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2145-1
March 12, 2014

libssh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS

Summary:

A security issue was fixed in libssh.

Software Description:
– libssh: A tiny C SSH library

Details:

Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to
be reused when implementing forking servers. This could allow an attacker
to possibly obtain information about the state of the PRNG and perform
cryptographic attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libssh-4 0.5.4-1ubuntu0.1

Ubuntu 12.10:
libssh-4 0.5.2-1ubuntu0.12.10.3

Ubuntu 12.04 LTS:
libssh-4 0.5.2-1ubuntu0.12.04.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2145-1
CVE-2014-0017

Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.5.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.10.3
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.04.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTIGQ0AAoJEGVp2FWnRL6TCaMP/ifBe6uA5hCWq/pS8AUJiYVl
CCT34mMN7WiywnokfaWMgdXMM//1AeXIcneTNgPUSNoghkA2uaLFns/kt/XBOnrY
T8WJvSW+BFLu3TJAjhBjOdmotXDn+XtSXfMbW41JI0IYOI1njFqMRFjSPV715sW/
/uQflysS0bk2yxptOxc/Lvv9M2SYbnJnJxIqVk6g0S8rxxp6Rc+10bu2qKC50T18
9jN3uC1hKnbzY4hKW1TOt8q9G3TDHafQiINpQbbg2jnuRvp85uGzqWwIC4kfvoQ5
n+NGWK7OobjaWoFqf1n+XWkvaTQBt53XIFuxvAynW6SHn9J0hzeHUFZkfXmMm3QX
aKQNnaJ9DtNVSZJlUXhaH1guALZqnpFFOeJ0L1lgHv1LaWs0VvG2ooL1smBOC6Up
jAbMT4PLdYlUDWMaQfhBqpnrpOUa30nb6WRY5q6l7Pe+sHS3VlMPbPP2/TZA2G8j
8zaFhUqFOeYAxwtR95hhHoT0q7GsOaBr4E4jml10uxIPqM5oXATLODpIWwNX7X/T
WPxjacJ/6l+9mXB0EE+3CPGbbm6sqnzsFhDhFgHO2IJQnnqYzIiBS19MUuX4wflq
FuCA2hcKmbcdWKhKT6ZbAGvKn6hbh8K/CwuakuAfnNnVqBx8PFfEcz+3kUBveJtA
thX1Ael1UaUICN/rTOEg
=mxt+
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2014-03-0021-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskih paketa cups i cups-filters

Otkriveni su sigurnosni nedostaci u programskim paketima cups i cups-filters za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanja...

Close