[Bug 1076306] Re: Upgrading of OpenSSH on 10.04 LTS

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 8 13:08:59 UTC 2012 

Ubuntu backports security fixes to stable versions of software it
shipped with. Although 10.04 LTS has openssh version 5.3, the security
issues were corrected in that version.

The only known security issue in openssh in Ubuntu 10.04 LTS is
CVE-2011-5000, and that is a low priority issue that may only get fixed
next time there is a more serious issue to fix at the same time.

See the security team FAQ:

https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions

Thanks.

** Package changed: ubuntu => openssh (Ubuntu)

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-5000

** Changed in: openssh (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1076306

Title:
  Upgrading of OpenSSH on 10.04 LTS

Status in “openssh” package in Ubuntu:
  Won't Fix

Bug description:
  We have servers running 10.04 LTS with OpenSSH client and server 5.3,
  but our clients brought to our attention that there are security
  vulnerabilities and we need to upgrade to 5.8 but there is no way I
  managed to do so other than downloading the 5.8 deb packages and
  installing them, but I'm sure that just by running apt-get
  update/upgrade/dist-upgrade, the packages should upgrade especially
  due to the fact that there are security vulnerabilities and it is an
  LTS version.

  I actually found a problem after installing the deb files/packages
  though in that as soon as you execute 'apt-get dist-upgrade', I get
  the message stating 'You might want to run `apt-get -f install' to
  correct these' and when I do run 'apt-get -f install', I get the
  message 'The following packages will be REMOVED:   libssl1.0.0
  openssh-client openssh-server'.

  This is a serious issue for us, and would appreciate some help in the
  matter.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1076306/+subscriptions

More information about the foundations-bugs mailing list