Ubuntu Security Notice USN-209-1
17th October, 2005
openssh vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
An information disclosure vulnerability has been found in the SSH
server. When the GSSAPIAuthentication option was enabled, the SSH
server could send GSSAPI credentials even to users who attempted to
log in with a method other than GSSAPI. This could inadvertently
expose these credentials to an untrusted user.
Please note that this does not affect the default configuration of the
SSH server.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- openssh-server
- Ubuntu 4.10:
- openssh-server
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None