all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

USN-6560-2: OpenSSH vulnerabilities

Add to bookmarks
Jan. 11, 2024, 4:53 p.m. |

Ubuntu security notices ubuntu.com

USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to …

advisory attack attacker communications extension fabian bäumer intercept jörg schwenk lts marcus marcus brinkmann messages negotiation openssh openssh vulnerabilities protocol ssh ssh communications ssh protocol truncated ubuntu update usn vulnerabilities vulnerable

Visit resource

More from ubuntu.com / Ubuntu security notices

USN-6754-1: nghttp2 vulnerabilities 2 days, 10 hours ago | ubuntu.com
attacker cve denial of service http +10
USN-6753-1: CryptoJS vulnerability 2 days, 12 hours ago | ubuntu.com
attacker configuration cryptographic default +11
USN-6751-1: Zabbix vulnerabilities 2 days, 12 hours ago | ubuntu.com
attacker attacks cross-site cross-site scripting (xss) attacks +11
USN-6752-1: FreeRDP vulnerabilities 2 days, 18 hours ago | ubuntu.com
attacker crash denial of service issue +7
USN-6750-1: Thunderbird vulnerabilities 3 days, 5 hours ago | ubuntu.com
arbitrary code attacker browsing bypass +19
USN-6743-3: Linux kernel (Azure) vulnerabilities 3 days, 10 hours ago | ubuntu.com
attacker azure bpf compromise +16
USN-6657-2: Dnsmasq vulnerabilities 3 days, 13 hours ago | ubuntu.com
advisory attacker dnsmasq dnssec +10
USN-6749-1: FreeRDP vulnerabilities 3 days, 15 hours ago | ubuntu.com
arbitrary code attacker code context +12
USN-6748-1: Sanitize vulnerabilities 4 days, 3 hours ago | ubuntu.com
attack attacker cross-site cve +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs