Home page logo

fulldisclosure logo Full Disclosure mailing list archives

rPSA-2010-0011-1 gnome-ssh-askpass openssh openssh-client openssh-server
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Sun, 07 Mar 2010 08:57:34 -0500

rPath Security Advisory: 2010-0011-1
Published: 2010-03-07
    rPath Appliance Platform Linux Service 1
    rPath Appliance Platform Linux Service 2
    rPath Linux 1
    rPath Linux 2

Rating: Minor
Exposure Level Classification:
    Remote User Non-deterministic Information Exposure
Updated Versions:
    gnome-ssh-askpass=conary.rpath.com () rpl:1/5.3p1-0.3-1
    openssh=conary.rpath.com () rpl:1/5.3p1-0.3-1
    openssh=conary.rpath.com () rpl:2/5.3p1-0.1-1
    openssh-client=conary.rpath.com () rpl:1/5.3p1-0.3-1
    openssh-client=conary.rpath.com () rpl:2/5.3p1-0.1-1
    openssh-server=conary.rpath.com () rpl:1/5.3p1-0.3-1
    openssh-server=conary.rpath.com () rpl:2/5.3p1-0.1-1

rPath Issue Tracking System:


    In previous versions of openssh, the default cipher order preferred a 
    block cipher algorithm in Cipher Block Chaining (CBC) mode, which is
    suspectible to a plaintext recovery attack.  This update changes the
    cipher order to prefer the AES CTR modes, and adds countermeasures
    to mitigate attacks against CBC modes.


Copyright 2010 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • rPSA-2010-0011-1 gnome-ssh-askpass openssh openssh-client openssh-server rPath Update Announcements (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]