14 DAY TRIAL // Canonical has published details in a security notice about a few of OpenSSH vulnerabilities that have been found and fixed in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.
The Ubuntu maintainers have been quick to integrate a new version of the OpenSSH library into the repositories. This version covers a number of security issues and it's not a major upgrade. It's still a good idea to upgrade the OS as soon as possible.
According to the security notice, "Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code."
This is just one of the issues found. For a more detailed description of the problems, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue.
The flaw can be fixed if you upgrade your system(s) to the latest openssh-server package specific to each distribution. To apply the patch, users can simply run the Update Manager application.
If you don't want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):
sudo apt-get dist-upgrade