You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openssh

Sigurnosni nedostaci programskog paketa openssh

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3885-1
February 07, 2019

openssh vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSH.

Software Description:
– openssh: secure shell (SSH) for secure access to remote machines

Details:

Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a
user or automated system were tricked into connecting to an untrusted
server, a remote attacker could possibly use these issues to write to
arbitrary files, change directory permissions, and spoof client output.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
openssh-client 1:7.7p1-4ubuntu0.2

Ubuntu 18.04 LTS:
openssh-client 1:7.6p1-4ubuntu0.2

Ubuntu 16.04 LTS:
openssh-client 1:7.2p2-4ubuntu2.7

Ubuntu 14.04 LTS:
openssh-client 1:6.6p1-2ubuntu2.12

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3885-1
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111

Package Information:
https://launchpad.net/ubuntu/+source/openssh/1:7.7p1-4ubuntu0.2
https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.2
https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.7
https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.12

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxcfooACgkQZWnYVadE
vpOYSg//WWo5gERWyKT2F4bZgsnrdY11JLEBSJl0XfI3NotCDVjR07fcJfbXUc41
pbJNKgKp2h0av5SXl+q0wN1EkNiqM0W7/Q/xyiJkY++03OGP4SIXFxVh9MdB6HTt
o/bQ+vmdbOglXbubF3mv53F7PVZAAB9K+ThlXfCZTPUbuEehpU/V/0wRHWkceuUk
raV6Tjv/29OdX/LZoe3uQsfMD/6dDsjkF5Uq85EtpPtm1dFE0Go709lGs6Y3Btp9
558EdKfFUuZu2s4XlSQoqxHKaq7vTgiP8mEE9M1rQyLiqaBpK26WKrPnchohIALX
MslULSHZgI9lHAKoBTilO7KFQ/KsKCe2JLlcagpt2rgMFti4W5Q0jRUWUSrzyYOW
s+x+jKsi1U76P4ZDlK7AkA3eEuRcoXh2Vx/EsqpzQ57VXmXlzv11+Sp3a4eDrWT/
xkF3DT6vtT5KBnQkxJRHHw5fTQG5fSvhjuDzHoQI2ZjsN7+Ox3HNQPWcKpl+KHLX
t7Ht9xkw3G+U7ngqbE07qWs3P2TJTyQaCV1DjDtdY3AMnrs9xRy6ZwHbkCeRC0Fm
M78oen6cf8qYdVI9K2KF6tzF6MJ3Z7wCh67VwG8kUbilDb3mE8k0FBEnw6XISBMA
jIoBXthMjhLi+LqABjF95vwSGCChoKjdtRlWmNyEX4BYlmILjpQ=
=arg7
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2019-02-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libarchive

Otkriveni su sigurnosni nedostaci programske biblioteke libarchive za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja. Savjetuje...

Close