=========================================================== Ubuntu Security Notice USN-597-1 April 01, 2008 openssh vulnerability CVE-2008-1483 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssh-client 1:4.2p1-7ubuntu3.3 Ubuntu 6.10: openssh-client 1:4.3p2-5ubuntu1.2 Ubuntu 7.04: openssh-client 1:4.3p2-8ubuntu1.2 Ubuntu 7.10: openssh-client 1:4.6p1-5ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family. A local attacker could exploit this flaw on systems with IPv6 enabled to hijack connections, including X11 forwards. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.3.diff.gz Size/MD5: 171837 216f11e247dfeb681cd75c033cc2fc5c http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.3.dsc Size/MD5: 1003 3902e4c29bba7ee62b48c9641bd0bc76 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1.orig.tar.gz Size/MD5: 928420 93295701e6bcd76fabd6a271654ed15c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.2p1-7ubuntu3.3_all.deb Size/MD5: 1052 5e47eabdf3306595bef55704b3d80702 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_amd64.udeb Size/MD5: 165878 c18cc9d5cbf4f83e9e7730a43c18dba6 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_amd64.deb Size/MD5: 610832 5479cad40052592557e93b64536a45c6 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_amd64.deb Size/MD5: 236222 4d98f6e82ae9d26e73d12ec2e429dd14 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_amd64.deb Size/MD5: 87126 9e041ad9534dc99cb01aa6261acf071f http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_amd64.udeb Size/MD5: 182086 7b52e535986415799f89b04ea95df8ae i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_i386.udeb Size/MD5: 140116 99bac142d2bfd0d1bdd61ce8a6a917fc http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_i386.deb Size/MD5: 537108 c828718a152abc20cd547c39653ec67b http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_i386.deb Size/MD5: 205484 c495cf9d7d25e95b9d9baa9a873ccfca http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_i386.deb Size/MD5: 86768 a3a6c7aa8840720498b811b5a0b814b5 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_i386.udeb Size/MD5: 151548 c657878eb1b8a91897925914aab0bab8 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_powerpc.udeb Size/MD5: 158552 4aada820956ab80eb424713956347551 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_powerpc.deb Size/MD5: 594088 26dbbb6ff0359f11dfe280f06d9ebaf0 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_powerpc.deb Size/MD5: 226268 8916980ee9d4ef41b77a89ca56f891d9 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_powerpc.deb Size/MD5: 88420 dca6aabe6e164cd90e2b35cffe934a14 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_powerpc.udeb Size/MD5: 165904 e6e6f51d1c67732ed9dbc7fad4669ef0 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_sparc.udeb Size/MD5: 149268 6a92b75179eea1972b082892bd8750de http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_sparc.deb Size/MD5: 543862 be125ef3611c0aa2f2e5ed0f8c36a250 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_sparc.deb Size/MD5: 208864 9f9c4e3b1ec44ccda77a00e674f200be http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_sparc.deb Size/MD5: 86794 1e6fceb45f5732053ab06be561b089b3 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_sparc.udeb Size/MD5: 160702 b5195d1a74c787b35a7517b0c53ba63b Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-5ubuntu1.2.diff.gz Size/MD5: 168042 5672e4c18795bbedbe025d80cee170c0 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-5ubuntu1.2.dsc Size/MD5: 1008 22075bd89d5030cd40e3eddf56b51958 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2.orig.tar.gz Size/MD5: 920186 239fc801443acaffd4c1f111948ee69c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-5ubuntu1.2_all.deb Size/MD5: 1100 61ffbef59843a549f742da88c456e309 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_amd64.udeb Size/MD5: 171956 12d9cc34858461aec2af702a80455e84 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_amd64.deb Size/MD5: 662860 c94742bbd1fc245961c1457c28d4a620 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_amd64.deb Size/MD5: 240798 c5710561e171555dc9d51407b91f67c8 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_amd64.deb Size/MD5: 100026 88915b91b746ae83ae6446fad2097159 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_amd64.udeb Size/MD5: 183810 bebfe8b9c8c214943ea34f57b4be0e73 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_i386.udeb Size/MD5: 155430 ba07c6d05c5b2fcfab23525ab1d2a9e2 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_i386.deb Size/MD5: 612374 cec1d2eb7071bd77af0f97bdd1e87127 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_i386.deb Size/MD5: 217444 ac4a4ea32498fcfb85555ef7eed06f47 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_i386.deb Size/MD5: 99750 c393d03129303dacabe615941a236d70 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_i386.udeb Size/MD5: 162594 c0bfed177f9ada9861e499ebb763d79d powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_powerpc.udeb Size/MD5: 169730 224851fea13b7c3710fc8995772f0a45 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_powerpc.deb Size/MD5: 651210 181d78aa90afc797f6e6a513c4e9d2b5 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_powerpc.deb Size/MD5: 232302 16847acac5b087337bb02cf4d4fd57ef http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_powerpc.deb Size/MD5: 101312 c95917858fdc4fe937e6ab63e17973c3 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_powerpc.udeb Size/MD5: 172480 7228dc84886c03652e50a2b84745224b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_sparc.udeb Size/MD5: 160058 0d9ad412a2e50a4f62c950c111419887 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_sparc.deb Size/MD5: 599452 ee374a2e26423cc41422b4cea24ebb75 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_sparc.deb Size/MD5: 214388 7e470015f5705e7c866692c08364dfa4 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_sparc.deb Size/MD5: 99704 7eca83add879793d979af67d9a287425 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_sparc.udeb Size/MD5: 166838 6115b3e0baa6e32b851cbfe8f21b99af Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-8ubuntu1.2.diff.gz Size/MD5: 265384 fed3e4874f40b6475edd015b654693ca http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-8ubuntu1.2.dsc Size/MD5: 1074 cd1a6520c1dca6eb6f9479d3c6c81cea http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2.orig.tar.gz Size/MD5: 920186 239fc801443acaffd4c1f111948ee69c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-8ubuntu1.2_all.deb Size/MD5: 1084 c66f25a64619593a467260c38d3113d9 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.3p2-8ubuntu1.2_all.deb Size/MD5: 93068 221e4a1b96fc9a5be476f6095c65b35c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_amd64.udeb Size/MD5: 172486 111d3628f5c3a7d9b7e1bb04438a4093 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_amd64.deb Size/MD5: 691282 7094027a354d92154f4193f67fe88201 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_amd64.udeb Size/MD5: 184488 5beea05c07e0a614dbcbb8ea663853bb http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_amd64.deb Size/MD5: 254096 2f8686e2da6b7a55864f809a46c1be02 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_amd64.deb Size/MD5: 101438 bf59a63f2fb039d23582db8907b5978f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_i386.udeb Size/MD5: 155802 9e64db938cc7eb701ae541b90c1f76ce http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_i386.deb Size/MD5: 654874 770a9632542f4456ce57db9ccefef8dc http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_i386.udeb Size/MD5: 162994 907b641a56f0330eba2099ce3a8fc543 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_i386.deb Size/MD5: 236022 e9ae72242b33aef00ea801dd7e8f447b http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_i386.deb Size/MD5: 101150 613d2dd5213af02a3bc081234422e795 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_powerpc.udeb Size/MD5: 177386 b58f7bc4b63e86c2347c7f69a247d2b2 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_powerpc.deb Size/MD5: 712516 47a0be3beb6f0aaa616d4cee568c3a72 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_powerpc.udeb Size/MD5: 180834 447c4a8e80fd7255c2d0c9448fd19d6b http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_powerpc.deb Size/MD5: 257010 c1c5731be72a82f93b7ed3215e432d0f http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_powerpc.deb Size/MD5: 103906 3133a245c90ab9edc08c425d2d4b4a5e sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_sparc.udeb Size/MD5: 163268 1bbf94e36877e3a36624746c3f895858 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_sparc.deb Size/MD5: 702316 30a773daf182c4d156922fa3e61a0826 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_sparc.udeb Size/MD5: 170356 c8647ecc728d77aaadc29395396e93db http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_sparc.deb Size/MD5: 261142 b1f4e31c6f0882f2973f7e81c47a0385 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_sparc.deb Size/MD5: 101390 a91dc46eb0726f06133717df9d054e80 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1-5ubuntu0.2.diff.gz Size/MD5: 188249 4a5cfad0640d13b665ecdf7fc2685ee3 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1-5ubuntu0.2.dsc Size/MD5: 1169 47fc3f0e3cfc6e5ae9f11948fd287165 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1.orig.tar.gz Size/MD5: 946439 cee58cd226138191561fa2d484e18f49 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.6p1-5ubuntu0.2_all.deb Size/MD5: 1094 7ebb9c93e0ce5e2abd99e53df6447741 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.6p1-5ubuntu0.2_all.deb Size/MD5: 80244 de8bc5959a6a5962d3c9d646bba5c7bb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_amd64.udeb Size/MD5: 175878 b11a5712beef7547615dcba520d2e323 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_amd64.deb Size/MD5: 696454 a3d8d59c019a494cc821fb1169940674 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_amd64.udeb Size/MD5: 191976 cef956003caa9ae201e49b687afabd75 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_amd64.deb Size/MD5: 266714 2fa98d4f7910ed6eb6e5c01c3d9fdc67 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_amd64.deb Size/MD5: 88382 ec70425a10aa35781175b19422c06ec5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_i386.udeb Size/MD5: 158194 0cfdf097b212a881220b920273f6c37a http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_i386.deb Size/MD5: 656828 bf563187fbbd6eb6bd08467f522a4749 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_i386.udeb Size/MD5: 169028 d44cd4a31b1a8e879e2a44220847a246 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_i386.deb Size/MD5: 247578 e91b2014ac012f6276746390ee68b584 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_i386.deb Size/MD5: 88032 95ad2c683cf079ebf1e2207bef66a876 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_powerpc.udeb Size/MD5: 180234 5e3cd63862b4659de83de44299d1e153 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_powerpc.deb Size/MD5: 717230 14e30fed3d0dade9bd851df3b125cf0e http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_powerpc.udeb Size/MD5: 187310 f23b8a5fa0b602f21ec230c8ebc442a7 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_powerpc.deb Size/MD5: 269624 3d2cd008a087d3deecb7d65e54517f01 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_powerpc.deb Size/MD5: 90756 43aa8a4cd34884f24e5c412d581e87cb sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_sparc.udeb Size/MD5: 166152 4bb1de1ee32945c51f492e95aa47b350 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_sparc.deb Size/MD5: 707646 a97dd22b1a8181239b4483689f876430 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_sparc.udeb Size/MD5: 176762 0eff3109cf41ece689470902599e8e4a http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_sparc.deb Size/MD5: 274528 978fecd7269599ea851d972ef3b3d6a6 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_sparc.deb Size/MD5: 88352 b60a65f9604f90c7618ebd1a565ae5e2
Attachment:
signature.asc
Description: Digital signature