===========================================================
Ubuntu Security Notice USN-566-1           January 09, 2008
openssh vulnerability
CVE-2007-4752
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  openssh-client                  1:4.2p1-7ubuntu3.2

Ubuntu 6.10:
  openssh-client                  1:4.3p2-5ubuntu1.1

Ubuntu 7.04:
  openssh-client                  1:4.3p2-8ubuntu1.1

Ubuntu 7.10:
  openssh-client                  1:4.6p1-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jan Pechanec discovered that ssh would forward trusted X11 cookies
when untrusted cookie generation failed. This could lead to
unintended privileges being forwarded to a remote host.

Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10:
Updated packages for Ubuntu 7.04:
Updated packages for Ubuntu 7.10: