[Bug 1863447] Re: openssh outdated by 8.2
Oibaf
1863447 at bugs.launchpad.net
Fri Jun 12 08:27:11 UTC 2020
Ubuntu 20.04/focal was released with 8.2p1.
** Changed in: openssh (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1863447
Title:
openssh outdated by 8.2
Status in openssh package in Ubuntu:
Fix Released
Bug description:
Hi,
yeah, it's not yet a bug, but it will become a (security) bug within
lifetime of 20.04 if not 'fixed'.
Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream
the version 8.2 has just been released:
https://lists.mindrot.org/pipermail/openssh-unix-
announce/2020-February/000138.html
It comes with important security updates, e.g. not accepting SHA-1 for
key generation/signature anymore, and using FIDO2/U2F-tokens as a
second factor. Especially the latter significantly improves security
and helps against stealing keys and hijacking machines.
It would be important (and nice) to have these improvements of
security in Ubuntu 20.04.
It might not yet be seen as a security vulnerability, but it will probably become one soon.
Thanks
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions
More information about the foundations-bugs
mailing list