Ubuntu Update for Linux kernel vulnerabilities USN-612-2

Please Install the Updated Packages.

1. Install the security updates Ubuntu 7.04: openssh-client 1:4.3p2-8ubuntu1.3 openssh-server 1:4.3p2-8ubuntu1.3 Ubuntu 7.10: openssh-client 1:4.6p1-5ubuntu0.3 openssh-server 1:4.6p1-5ubuntu0.3 Ubuntu 8.04 LTS: openssh-client 1:4.7p1-8ubuntu1.1 openssh-server 1:4.7p1-8ubuntu1.1 Once the update is applied, weak user keys will be automatically rejected where possible (though they cannot be detected in all cases). If you are using such keys for user authentication, they will immediately stop working and will need to be replaced (see step 3). OpenSSH host keys can be automatically regenerated when the OpenSSH security update is applied. The update will prompt for confirmation before taking this step. 2. Update OpenSSH known_hosts files The regeneration of host keys will cause a warning to be displayed when connecting to the system using SSH until the host key is updated in the known_hosts file. The warning will look like this: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. In this case, the host key has simply been changed, and you should update the relevant known_hosts file as indicated in the error message. 3. Check all OpenSSH user keys The safest course of action is to regenerate all OpenSSH user keys, except where it can be established to a high degree of certainty that the key was generated on an unaffected system. Check whether your key is affected by running the ssh-vulnkey tool, included in the security update. By default, ssh-vulnkey will check the standard location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity), your authorized_keys file (~/.ssh/authorized_keys and ~/.ssh/authorized_keys2), and the system's host keys (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key). To check all your own keys, assuming they are in the standard locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity): $ ssh-vulnkey To check all keys on your system: $ sudo ssh-vulnkey -a To check a key in a non-standard location: $ ssh-vulnkey /path/to/key If ssh-vul ... Description truncated, for more information please check the Reference URL

openssh vulnerability on Ubuntu 7.04 , Ubuntu 7.10 , Ubuntu 8.04 LTS

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000706.html

---

Updated on 2015-03-25