Headline
Ubuntu Security Notice USN-6279-1
Ubuntu Security Notice 6279-1 - It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm.
==========================================================================
Ubuntu Security Notice USN-6279-1
August 09, 2023
openssh update
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
A hardening measure was added to OpenSSH.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
It was discovered that OpenSSH has an observable discrepancy leading to an
information leak in the algorithm negotiation. This update mitigates the
issue by tweaking the client hostkey preference ordering algorithm to
prefer the default ordering if the user has a key that matches the
best-preference default algorithm.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
openssh-client 1:8.2p1-4ubuntu0.9
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
openssh-client 1:7.6p1-4ubuntu0.7+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
openssh-client 1:7.2p2-4ubuntu2.10+esm4
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
openssh-client 1:6.6p1-2ubuntu2.13+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6279-1
https://launchpad.net/bugs/2030275
Package Information:
https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.9