About Ubuntu

=========================================================== Ubuntu Security Notice USN-355-1 October 02, 2006 openssh vulnerabilities CVE-2006-4924, CVE-2006-5051 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: openssh-server 1:3.9p1-1ubuntu2.3 Ubuntu 5.10: openssh-server 1:4.1p1-7ubuntu4.2 Ubuntu 6.06 LTS: openssh-server 1:4.2p1-7ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924) Mark Dowd discovered a race condition in the server's signal handling. A remote attacker could exploit this to crash the server. (CVE-2006-5051)