[USN-6279-1] OpenSSH update

[Nishit Majithia]

==========================================================================
Ubuntu Security Notice USN-6279-1
August 09, 2023

openssh update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

A hardening measure was added to OpenSSH.

Software Description:
- openssh: secure shell (SSH) for secure access to remote machines

Details:

It was discovered that OpenSSH has an observable discrepancy leading to an
information leak in the algorithm negotiation. This update mitigates the
issue by tweaking the client hostkey preference ordering algorithm to
prefer the default ordering if the user has a key that matches the
best-preference default algorithm.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  openssh-client                  1:8.2p1-4ubuntu0.9

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  openssh-client                  1:7.6p1-4ubuntu0.7+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  openssh-client                  1:7.2p2-4ubuntu2.10+esm4

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  openssh-client                  1:6.6p1-2ubuntu2.13+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6279-1
  https://launchpad.net/bugs/2030275

Package Information:
  https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230809/a0bc05a8/attachment-0001.sig>