Is there a security ssh issue in ubuntu?

Asked by Daniel Stone on 2009-07-09

We have limited information about this exploit and the extent of it, but as far as we know, it affects only Linux boxes running OpenSSH compiled against OpenSSL, with the exception of OpenSSL version 1.0.x beta.

Is this resolved in any patches?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Last query:
2009-07-09
Last reply:
2009-07-09

This question was originally filed as bug #397474.

Chris Coulson (chrisccoulson) said : #1

Thank you for taking the time to report this issue and helping to make Ubuntu better. Examining the information you have given us, this does not appear to be a bug report so we are closing it and converting it to a question in the support tracker. We appreciate the difficulties you are facing, but it would make more sense to raise problems you are having in the support tracker at https://answers.launchpad.net/ubuntu if you are uncertain if they are bugs. For help on reporting bugs, see https://help.ubuntu.com/community/ReportingBugs#When%20not%20to%20file%20a%20bug.

Colin Watson (cjwatson) said : #2

To my knowledge we don't know anything much about the alleged problem other than rumours, so it's impossible to say as yet whether it's resolved. We'll respond quickly to any actual information.

You may find this thread useful:

  http://lists.mindrot.org/pipermail/openssh-unix-dev/2009-July/027726.html

Short version: neither Red Hat's security team nor the OpenSSH developers are aware of anything concrete as yet, and neither is in possession of any non-public information on the subject.

Can you help with this problem?

Provide an answer of your own, or ask Daniel Stone for more information if necessary.

To post a message you must log in.