Debian Security Advisory

DLA-42-1 live-config -- LTS security update

Date Reported:
29 Aug 2014
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 741678.
More information:

A vulnerability against Debian Live, the live systems project, was reported. The default, the live images include a SSH server allowing for log in with default user and password. This fix set PasswordAuthentication in /etc/ssh/sshd_config as no.

For Debian 6 Squeeze, these issues have been fixed in live-config version 2.0.15-1.1+deb6u1