Debian Security Advisory
DSA-2894-1 openssh -- security update
- Date Reported:
- 05 Apr 2014
- Affected Packages:
- openssh
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 742513.
In Mitre's CVE dictionary: CVE-2014-2532, CVE-2014-2653. - More information:
-
Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2014-2532
Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable that contains the characters before the wildcard character.
- CVE-2014-2653
Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.
Note that a host verification prompt is still displayed before connecting.
For the oldstable distribution (squeeze), these problems have been fixed in version 1:5.5p1-6+squeeze5.
For the stable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 1:6.6p1-1.
We recommend that you upgrade your openssh packages.
- CVE-2014-2532