Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-42-1 live-config

Debian Security Advisory

DLA-42-1 live-config -- LTS security update

Date Reported:

29 Aug 2014

Affected Packages:

live-config

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 741678.

More information:

A vulnerability against Debian Live, the live systems project, was reported. The default, the live images include a SSH server allowing for log in with default user and password. This fix set PasswordAuthentication in /etc/ssh/sshd_config as no.

For Debian 6 Squeeze, these issues have been fixed in live-config version 2.0.15-1.1+deb6u1