Launchpad CVE tracker

CVE 2014-2653

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

Related bugs and status

CVE-2014-2653 (Candidate) is related to these bugs:

Bug #1244736: upstart configuration for user launches an extra ssh-agent

Summary				In	Importance	Status
	1244736	upstart configuration for user launches an extra ssh-agent		gnome-session (Ubuntu)	Undecided	Confirmed
	1244736	upstart configuration for user launches an extra ssh-agent		openssh (Ubuntu)	Undecided	Fix Released

Bug #1298280: Update OpenSSH to 6.6

Summary				In	Importance	Status
	1298280	Update OpenSSH to 6.6		openssh (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014032...
CONFIRM: https://bugs.debian.or...
DEBIAN: DSA-2894
UBUNTU: USN-2164-1
CONFIRM: http://advisories.mage...
FEDORA: FEDORA-2014-6380
FEDORA: FEDORA-2014-6569
MANDRIVA: MDVSA-2014:068
BID: 66459
CONFIRM: http://aix.software.ib...
REDHAT: RHSA-2014:1552
REDHAT: RHSA-2015:0425
MANDRIVA: MDVSA-2015:095
CONFIRM: http://www.oracle.com/...
SECUNIA: 59855
HP: HPSBUX03188
HP: SSRT101487

Launchpad.net

CVE 2014-2653

Related bugs and status

Related bugs

References