Ubuntu
openssh package

Upgrading of OpenSSH on 10.04 LTS

Bug #1076306 reported by Pieter Jacobs
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

We have servers running 10.04 LTS with OpenSSH client and server 5.3, but our clients brought to our attention that there are security vulnerabilities and we need to upgrade to 5.8 but there is no way I managed to do so other than downloading the 5.8 deb packages and installing them, but I'm sure that just by running apt-get update/upgrade/dist-upgrade, the packages should upgrade especially due to the fact that there are security vulnerabilities and it is an LTS version.

I actually found a problem after installing the deb files/packages though in that as soon as you execute 'apt-get dist-upgrade', I get the message stating 'You might want to run `apt-get -f install' to correct these' and when I do run 'apt-get -f install', I get the message 'The following packages will be REMOVED: libssl1.0.0 openssh-client openssh-server'.

This is a serious issue for us, and would appreciate some help in the matter.

Thanks!

Tags: bot-comment

CVE References

Pieter Jacobs (i4-pmvter-md)
information type: Private Security → Public
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1076306/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Ubuntu backports security fixes to stable versions of software it shipped with. Although 10.04 LTS has openssh version 5.3, the security issues were corrected in that version.

The only known security issue in openssh in Ubuntu 10.04 LTS is CVE-2011-5000, and that is a low priority issue that may only get fixed next time there is a more serious issue to fix at the same time.

See the security team FAQ:

https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions

Thanks.

affects: ubuntu → openssh (Ubuntu)
Changed in openssh (Ubuntu):
status: New → Won't Fix
Revision history for this message
Pieter Jacobs (i4-pmvter-md) wrote :

Hey Marc,

Thanks a lot for the reply and thanks, I will relay your response to the relevant people.

Enjoy the weekend!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.