OpenSSH Vulnerability Closed by Canonical in Ubuntu 13.10

Users have been advised to upgrade their systems as soon as possible

  Ubuntu 13.10 desktop
On November 8, in a security notice, Canonical published details about an OpenSSH vulnerability in its Ubuntu 13.10 (Saucy Salamander) operating system.

On November 8, in a security notice, Canonical published details about an OpenSSH vulnerability in its Ubuntu 13.10 (Saucy Salamander) operating system.

According to the company, OpenSSH could have been made to run programs if it received specially crafted network traffic from an authenticated user.

It has been discovered that OpenSSH incorrectly handled memory when the AES-GCM cipher was used. A remotely authenticated attacker could have used this issue to execute arbitrary code as the user, possibly bypassing shell or command restrictions.

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest openssh-server package. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes and a restart is not required.

Comments