-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2008-05-13 00:16:35 UTC
-
Revision ID:
james.westby@ubuntu.com-20080513001635-5ty8uivsgjy0fuvn
Tags: 1:4.3p2-8ubuntu1.3
* Mitigate OpenSSL security vulnerability thank to Colin Watson:
- Add key blacklisting support. Keys listed in
/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
sshd, unless "PermitBlacklistedKeys yes" is set in
/etc/ssh/sshd_config.
- Add a new program, ssh-vulnkey, which can be used to check keys
against these blacklists.
- Depend on openssh-blacklist.
- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
0.9.8c-4ubuntu0.3.
- Automatically regenerate known-compromised host keys, with a
critical-priority debconf note. (I regret that there was no time to
gather translations.)
* added README.compromised-keys thanks to Colin Watson
* References
CVE-2008-0166
http://www.ubuntu.com/usn/usn-612-1