[Bug 1154537] Re: Please enable SSH-1 protocol support
Dmitrijs Ledkovs
launchpad at surgut.co.uk
Wed Mar 13 16:11:37 UTC 2013
As far as I know, ssh-1 protocol is vulnerable to arbitary injection of
data into the encrypted traffic. Thus it will be highly insecure to
enable that by default. This is same reason we disable weak hash
algorithms and vulnerable old ssl/tls protocols in the web-browsers we
ship. I think this bug will be marked as "won't fix". Subscribing ubuntu
security team to make the call.
** Changed in: libssh (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1154537
Title:
Please enable SSH-1 protocol support
Status in “libssh” package in Ubuntu:
Won't Fix
Bug description:
SSH-1 protocol support must be enabled explicitly. Please find
attached a debdiff to enable it.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1154537/+subscriptions
More information about the Ubuntu-sponsors
mailing list