=========================================================== Ubuntu Security Notice USN-355-1 October 02, 2006 openssh vulnerabilities CVE-2006-4924, CVE-2006-5051 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: openssh-server 1:3.9p1-1ubuntu2.3 Ubuntu 5.10: openssh-server 1:4.1p1-7ubuntu4.2 Ubuntu 6.06 LTS: openssh-server 1:4.2p1-7ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924) Mark Dowd discovered a race condition in the server's signal handling. A remote attacker could exploit this to crash the server. (CVE-2006-5051) Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1-1ubuntu2.3.diff.gz Size/MD5: 143243 ee5b491cf023e53b4991fe319da669aa http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1-1ubuntu2.3.dsc Size/MD5: 866 237dcc91dde3201ba0bc5b9372654708 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1.orig.tar.gz Size/MD5: 832804 530b1dcbfe7a4a4ce4959c0775b85a5a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_3.9p1-1ubuntu2.3_all.deb Size/MD5: 31312 a25012353606283dbae09b56dc60f1bb amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.3_amd64.udeb Size/MD5: 166846 b0507203d786efa365cef305acc0b790 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.3_amd64.deb Size/MD5: 544562 4464ce148432194666a3fd7fae5b884f http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.3_amd64.udeb Size/MD5: 179290 2774b437173889390312fab14a0d9edf http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.3_amd64.deb Size/MD5: 279624 deb54b320447ab79b8d8fb351c04960d http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.3_amd64.deb Size/MD5: 62924 083fd0c899ed8c0c088f6f659d2fd017 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.3_i386.udeb Size/MD5: 139452 31deaca18b94b27d52c1870d86810db4 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.3_i386.deb Size/MD5: 492810 8df816ca89945adc93e80d49f53aebe6 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.3_i386.udeb Size/MD5: 149160 632d59e71b6a3f5aab50e4cfd3842442 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.3_i386.deb Size/MD5: 256218 5f9791afb335d57cd1a830c1e886ee08 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.3_i386.deb Size/MD5: 62512 9f21ce3a1134980ec47c1e99cf62ff61 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.3_powerpc.udeb Size/MD5: 159886 447da8535b3b4c0b85fefd44e01f4c4d http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.3_powerpc.deb Size/MD5: 541254 8d16c7e18fef84ab8f6a435c8c988b93 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.3_powerpc.udeb Size/MD5: 163428 e0ca6e79f907c35e2c32e515b8e808dd http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.3_powerpc.deb Size/MD5: 273640 c8e00fcbe413ac902ccc4dca508572f2 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.3_powerpc.deb Size/MD5: 64092 a88a46209fac664959c35b36fb93066e Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.1p1-7ubuntu4.2.diff.gz Size/MD5: 158624 fc0f2620cc3fc07ad4ea050b675e5f1b http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.1p1-7ubuntu4.2.dsc Size/MD5: 971 cd61da4d0742c684aaf90b8390252818 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.1p1.orig.tar.gz Size/MD5: 909689 3709109adf0b82176668b3d3478dd033 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.1p1-7ubuntu4.2_all.deb Size/MD5: 1050 d520acb54639c9b900b973c08e1a5fe8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_amd64.udeb Size/MD5: 162614 0e4e07c663d0f33f3fd73a0b6c2e433a http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_amd64.deb Size/MD5: 584852 bb1ac6382aa349a7bea3cccf0948117e http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_amd64.udeb Size/MD5: 179490 a1bccf78a412d6799d25f0ca73ab4623 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_amd64.deb Size/MD5: 223914 ec3d782f9c3b88c97cea3b928e458fea http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_amd64.deb Size/MD5: 78228 02951ff37cc638222a067c77b808523d i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_i386.udeb Size/MD5: 138272 3a49a90c6f6f9f52c775aeecb05caf76 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_i386.deb Size/MD5: 515080 0100950f90ddd99704be28b2c9ff8478 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_i386.udeb Size/MD5: 149782 c89f7310123da769a7eec86d6ba72a6a http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_i386.deb Size/MD5: 195292 7cf57e81b03dce633eb56bdc44655c89 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_i386.deb Size/MD5: 77944 15d8e58dd24c85d380432bc3b7a633c7 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_powerpc.udeb Size/MD5: 155858 f4f64f9b3de12bfc043661e8e31d090c http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_powerpc.deb Size/MD5: 569144 baabd24742192f1df2ceb5220d540937 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_powerpc.udeb Size/MD5: 163322 42064b77c600c04ba5441876830a772d http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_powerpc.deb Size/MD5: 215386 c4360aa642d117f539ff2d1082ae705b http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_powerpc.deb Size/MD5: 79512 e25ff733bd60854f7a42cfa0c636eb7d sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_sparc.udeb Size/MD5: 147902 13d070c8101686ef53e062c136d609be http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_sparc.deb Size/MD5: 524974 c67b3c3cd75b37b9e10d03033e657c7c http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_sparc.udeb Size/MD5: 158836 a425ab0c6cbc9ae5dd09a4880a36e374 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_sparc.deb Size/MD5: 199192 85892b06e6780bba357d9c68ff36e0fd http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_sparc.deb Size/MD5: 77982 ab47361323b0a7686fe4fad3639df44d Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.1.diff.gz Size/MD5: 171326 3d966ce050b176961a34c8f14148ef18 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.1.dsc Size/MD5: 1005 acf698bd9a5e848b80343a49b3ab5f5b http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1.orig.tar.gz Size/MD5: 928420 93295701e6bcd76fabd6a271654ed15c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.2p1-7ubuntu3.1_all.deb Size/MD5: 1056 ff5c9e1bc32aac160738d603fb3c9015 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_amd64.udeb Size/MD5: 165846 e483c01679c325ac0edeb5981cdba060 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_amd64.deb Size/MD5: 610616 5a5b73f2d68a90385b2dd70c539cfb4a http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_amd64.udeb Size/MD5: 182038 bc2c80a21f2afde523a17e311233ebc5 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_amd64.deb Size/MD5: 236212 90663453b5c114622627469f4ffd822a http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_amd64.deb Size/MD5: 86868 12bbd3d97943ce3751a3186494c31798 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_i386.udeb Size/MD5: 140068 8873836c923eb3205df376916b0c3669 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_i386.deb Size/MD5: 536704 801dcb0f46badf9ff4376a4484663b00 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_i386.udeb Size/MD5: 151544 28e22a72700630c00231c843662ed755 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_i386.deb Size/MD5: 205490 7e5acb93eb0243e1272f1ffed0145112 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_i386.deb Size/MD5: 86476 091d1ca0ef964b1cbc714cb050ef558d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_powerpc.udeb Size/MD5: 158524 ae42600aed557c45556394035eacd10a http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_powerpc.deb Size/MD5: 593628 29d5510f526ddfa16a138b1d61c1cc75 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_powerpc.udeb Size/MD5: 165942 d5d1c6333c9406b1bf623b4db1c8824a http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_powerpc.deb Size/MD5: 226264 166b3da3dd64758a38f7731dc0c16703 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_powerpc.deb Size/MD5: 88152 2860a81b3d8d554f5356bab74573504b sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_sparc.udeb Size/MD5: 149224 5f60da6926ed8b994cdc8dcf42b65088 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_sparc.deb Size/MD5: 543560 c9003ef5e14236a26d3b3a7abb25db9f http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_sparc.udeb Size/MD5: 160664 51e52151d74fd317648700234478e638 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_sparc.deb Size/MD5: 208870 6833a77599010cfe464f54bf0290b516 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_sparc.deb Size/MD5: 86516 8dac0a82e5edaabfac6f8596a84ff884
Attachment:
signature.asc
Description: Digital signature