
USN-3061-1: OpenSSH vulnerabilities
USN-3061-1: OpenSSH vulnerabilities Ubuntu Security Notice USN-3061-1 15th August, 2016 openssh vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenSSH. Software description openssh – secure shell (SSH) for secure access to remote machines Details Eddie Harari discovered that OpenSSH incorrectly handled password hashingwhen authenticating non-existing users. A remote attacker could perform atiming attack and enumerate valid users. (CVE-2016-6210) Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH didnot limit password lengths. A remote attacker could use this issue to causeOpenSSH to consume resources, leading to a denial of service.(CVE-2016-6515) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: openssh-server 1:7.2p2-4ubuntu2.1 Ubuntu 14.04 LTS: openssh-server 1:6.6p1-2ubuntu2.8 Ubuntu 12.04 LTS: openssh-server [ more… ]