Univention Bugzilla – Bug 34268
libssh: Insecure PRNG seeding (3.1)
Last modified: 2016-12-12 16:34:50 CET
CVE-2014-0017 The PRNG is not always correctly reseeding when a new process is forked.
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.
Another issue has been fixed in upstream Debian package version 0.4.5-3+squeeze3: * Weak Diffie-Hellman secret generation in libssh (CVE-2016-0739)
repo_admin.py -U -r 3.1 -s extsec3.1 -d squeeze-lts -p libssh # 0.4.5-3+squeeze3 Package: libssh Version: 0.4.5-3.17.201605251207 Branch: ucs_3.1-0 Scope: extsec3.1 r69528 | Bug #34268: libssh branches/ucs-3.1/ucs-3.1-1/doc/errata/staging/libssh.txt
* Imported version is latest in squeeze-lts * Package is updatable But the versioning is such that the package will remain installed in UCS 3.3: Version: 0.4.5-3.5.201303011058: ucs_3.1-0-ucs3.1-1 Version: 0.4.5-3.17.201605251207: ucs_3.1-0-extsec3.1 Version: 0.4.5-3.16.201605091706: ucs_3.3-0 I think we need to adjust the build version increment.
(In reply to Arvid Requate from comment #4) > * Imported version is latest in squeeze-lts > * Package is updatable > > But the versioning is such that the package will remain installed in UCS 3.3: > > Version: 0.4.5-3.5.201303011058: ucs_3.1-0-ucs3.1-1 > Version: 0.4.5-3.17.201605251207: ucs_3.1-0-extsec3.1 > Version: 0.4.5-3.16.201605091706: ucs_3.3-0 > > I think we need to adjust the build version increment. $ printf 14 > /var/univention/buildsystem2/config/versions/libssh $ b31-scope extsec3.1 libssh $ printf 17 > /var/univention/buildsystem2/config/versions/libssh Package: libssh Version: 0.4.5-3.15.201606090935 Branch: ucs_3.1-0 Scope: extsec3.1 r70001 | Bug #34268: libssh branches/ucs-3.1/ucs-3.1-1/doc/errata/staging/libssh.txt
Ok, 0.4.5-3+squeeze3 is imported, built and updatable. Versioning and advisory are ok too.
<http://errata.software-univention.de/ucs/3.1/290.html>