Ubuntu

“openssh” 1:4.7p1-8ubuntu1.1 source package in Ubuntu

Changelog

openssh (1:4.7p1-8ubuntu1.1) hardy-security; urgency=low

  * Mitigate OpenSSL security vulnerability thanks to Colin Watson:
    - Add key blacklisting support. Keys listed in
      /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
      sshd, unless "PermitBlacklistedKeys yes" is set in
      /etc/ssh/sshd_config.
    - Add a new program, ssh-vulnkey, which can be used to check keys
      against these blacklists.
    - Depend on openssh-blacklist.
    - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
      0.9.8g-4ubuntu3.1.
    - Automatically regenerate known-compromised host keys, with a
      critical-priority debconf note. (I regret that there was no time to
      gather translations.)
  * added README.compromised-keys thanks to Colin Watson
  * References
    CVE-2008-0166
    http://www.ubuntu.com/usn/usn-612-1

 -- Jamie Strandboge <email address hidden>   Mon, 12 May 2008 23:44:33 -0400

Upload details

Uploaded by:
Jamie Strandboge on 2008-05-13
Uploaded to:
Hardy
Original maintainer:
Colin Watson
Component:
main
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
openssh_4.7p1.orig.tar.gz 985.7 KiB bea83d2e0f9ac7b3d4393d693e68b5c1
openssh_4.7p1-8ubuntu1.1.diff.gz 203.6 KiB b33a4acef918d79a2d0450011fd9db88
openssh_4.7p1-8ubuntu1.1.dsc 1.1 KiB 19ea91251f9de2f6dfa6d936a8e4025b

Binary packages built by this source

openssh-client: secure shell client, an rlogin/rsh/rcp replacement

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It is intended as a replacement for rlogin, rsh and rcp, and can be
 used to provide applications with a secure communication channel.
 .
 This package provides the ssh, scp and sftp clients, the ssh-agent
 and ssh-add programs to make public key authentication more convenient,
 and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.

openssh-client-udeb: secure shell client for the Debian installer

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 This package provides the ssh client for use in debian-installer.

openssh-server: secure shell server, an rshd replacement

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 Ssh (Secure Shell) is a program for logging into a remote machine
 and for executing commands on a remote machine.
 It provides secure encrypted communications between two untrusted
 hosts over an insecure network. X11 connections and arbitrary TCP/IP
 ports can also be forwarded over the secure channel.
 It is intended as a replacement for rlogin, rsh and rcp, and can be
 used to provide applications with a secure communication channel.
 .
 This package provides the sshd server.
 .
 In some countries it may be illegal to use any encryption at all
 without a special permit.

openssh-server-udeb: secure shell server for the Debian installer

 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
 group.
 .
 This package provides the sshd server for use in debian-installer.
 Since it is expected to be used in specialized situations (e.g. S/390
 installs with no console), it does not provide any configuration.

ssh: secure shell client and server (metapackage)

 This metapackage is a convenient way to install both the OpenSSH client
 and the OpenSSH server. It provides nothing in and of itself, so you
 may remove it if nothing depends on it.

ssh-askpass-gnome: interactive X program to prompt users for a passphrase for ssh-add

 This has been split out of the main openssh-client package so that
 openssh-client does not need to depend on GTK.
 .
 You probably want the ssh-askpass package instead, but this is
 provided to add to your choice and/or confusion.

ssh-krb5: secure shell client and server (transitional package)

 This is a transitional package depending on the regular Debian OpenSSH
 client and server, which now support GSSAPI natively. It will add the
 necessary GSSAPI options to the server configuration file. You can
 remove it once the upgrade is complete and nothing depends on it.