Bug 34269
| Summary: | libssh: Insecure PRNG seeding (3.2) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
| Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
| Severity: | normal | ||
| Priority: | P4 | CC: | requate |
| Version: | UCS 3.2 | Flags: | requate:
Patch_Available+
|
| Target Milestone: | UCS 3.2-8-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
|
Description
Moritz Muehlenhoff
Fixed in 0.4.5-3+squeeze2 Another issue has been fixed in upstream Debian package version 0.4.5-3+squeeze3: * Weak Diffie-Hellman secret generation in libssh (CVE-2016-0739) $ repo_admin.py --cherrypick -r 3.1 -s extsec3.1 --releasedest 3.3 --dest errata3.3-0 -p libssh Package: libssh Version: 0.4.5-3.18.201606090958 Branch: ucs_3.3-0 Scope: errata3.3-0 r70004 | Bug #34269: libssh YAML libssh.yaml $ repo_admin.py --cherrypick -r 3.1 -s extsec3.1 --releasedest 3.2 --dest errata3.2-8 -p libssh Package: libssh Version: 0.4.5-3.18.201606091002 Branch: ucs_3.2-0 Scope: errata3.2-8 r70005 | Bug #34269: libssh libssh.yaml Versioning issue: The errata3.2-8 package version will not get updated during update to UCS 3.3. It will stay until the system is updated to errata3.3-0-latest: Version: 0.4.5-3.5.201303011058: ucs_3.1-0-ucs3.1-1 Version: 0.4.5-3.15.201606090935: ucs_3.1-0-extsec3.1 Version: 0.4.5-3.18.201606091002: ucs_3.2-0-errata3.2-8 Version: 0.4.5-3.16.201605091706: ucs_3.3-0 Version: 0.4.5-3.19.201606091004: ucs_3.3-0-errata3.3-0 Maybe it's not critical, but we may as well rebuilt it properly e.g. with .../config/version/libssh := 13 in ucs_3.1-0-extsec3.1 and .../config/version/libssh := 14 in ucs_3.2-0-errata3.2-8 (In reply to Arvid Requate from comment #5) > Versioning issue: The errata3.2-8 package version will not get updated > during update to UCS 3.3. It will stay until the system is updated to > errata3.3-0-latest: ... > Maybe it's not critical, but we may as well rebuilt it properly e.g. with > .../config/version/libssh := 13 in ucs_3.1-0-extsec3.1 printf 14 > /var/univention/buildsystem2/config/versions/libssh Package: libssh Version: 0.4.5-3.15.201606131016 Branch: ucs_3.2-0 Scope: errata3.2-8 buildsystem=> SELECT DISTINCT srcver,major,minor,patch,scope,site FROM binpkg WHERE srcpkg='libssh' AND major>=3 AND site<>'testing' AND site<>'test' ORDER BY srcver; srcver | major | minor | patch | scope | site -------------------------+-------+-------+-------+--------+------ 0.4.5-3.3.201104201457 | 3 | 0 | 0 | | ftp 0.4.5-3.3.201104201457 | 3 | 0 | 0 | | apt 0.4.5-3.5.201303011058 | 3 | 1 | 1 | | ftp 0.4.5-3.5.201303011058 | 3 | 1 | 1 | | apt 0.4.5-3.15.201606090935 | 3 | 1 | | extsec | apt 0.4.5-3.15.201606131016 | 3 | 2 | 8 | errata | apt 0.4.5-3.16.201605091706 | 3 | 3 | 0 | | apt 0.5.4-1.8.201406182156 | 4 | 0 | 0 | | apt 0.5.4-1.8.201406182156 | 4 | 0 | 0 | | ftp r70112 | Bug #34269: libssh YAML libssh.yaml Ok. |