[USN-3809-2] OpenSSH regression

Marc Deslauriers marc.deslauriers at canonical.com
Thu Aug 12 12:36:10 UTC 2021

Ubuntu Security Notice USN-3809-2
August 12, 2021

openssh regression

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS


USN-3809-1 introduced a regression in OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines


USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473
was incomplete and could introduce a regression in certain environments.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Robert Swiecki discovered that OpenSSH incorrectly handled certain messages.
 An attacker could possibly use this issue to cause a denial of service.
 This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
  It was discovered that OpenSSH incorrectly handled certain requests.
 An attacker could possibly use this issue to access sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  openssh-server                  1:7.6p1-4ubuntu0.5

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20210812/a2ea9f53/attachment.sig>

More information about the ubuntu-security-announce mailing list