[Bug 287256] Re: hardy ppc (ports.ubuntu.com) includes broken (old) openssh-client package which only generates comprimized keys.

Colin Watson cjwatson at canonical.com
Sat Jan 24 19:46:46 GMT 2009 

This security vulnerability was discovered after the original release of
hardy, and updated packages were issued long ago for all architectures,
including powerpc. It sounds like you have not applied security updates
to your system. The master archive shows;

  openssh-client | 1:4.7p1-8ubuntu1 |         hardy | amd64, hppa, i386, ia64, lpia, powerpc, sparc
  openssh-client | 1:4.7p1-8ubuntu1.2 | hardy-security | amd64, hppa, i386, ia64, lpia, powerpc, sparc
  openssh-client | 1:4.7p1-8ubuntu1.2 | hardy-updates | amd64, hppa, i386, ia64, lpia, powerpc, sparc

Make sure that the following lines are in /etc/apt/sources.list:

  deb http://ports.ubuntu.com/ubuntu-ports hardy-security main restricted universe multiverse
  deb-src http://ports.ubuntu.com/ubuntu-ports hardy-security main restricted universe multiverse
  deb http://ports.ubuntu.com/ubuntu-ports hardy-updates main restricted universe multiverse
  deb-src http://ports.ubuntu.com/ubuntu-ports hardy-updates main restricted universe multiverse

Then press "Check" followed by "Install Updates" in System ->
Administration -> Update Manager, or run 'sudo apt-get update' and 'sudo
apt-get dist-upgrade', or whatever other upgrade method you prefer.

I don't know why your system wasn't already fixed. Perhaps you simply
didn't apply security updates for some reason, or perhaps you ran into
some installer bug that meant that hardy-security wasn't in sources.list
(though I'm astonished that at least hardy-updates wasn't there). I am
confident that all such installer bugs have been fixed by now, although
of course this is one area where it's particularly difficult to issue
updates effectively!

** Changed in: openssh (Ubuntu)
       Status: New => Fix Released

-- 
hardy ppc (ports.ubuntu.com) includes broken (old) openssh-client package which only generates comprimized keys.
https://bugs.launchpad.net/bugs/287256
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

More information about the Ubuntu-server-bugs mailing list