Ubuntu Update For Openssh USN-2164-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Matthew Vernon discovered that OpenSSH did not correctly check SSHFP DNS records if a server presented an unacceptable host certificate. A malicious server could use this issue to disable SSHFP checking.

Affected

openssh on Ubuntu 13.10 , Ubuntu 12.10 , Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2014-2653

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for cinder USN-1731-1
Ubuntu Update for apache2 vulnerability USN-990-2
Ubuntu Update for apache2 USN-1368-1
Ubuntu Update for apt USN-1762-1
Ubuntu Update for clamav vulnerability USN-986-2

Ubuntu Update for openssh USN-2164-1

Take action and discover your vulnerabilities