Security Information / 2014 / Security Information -- DSA-2894-1 openssh

Debian Security Advisory

DSA-2894-1 openssh -- security update

Date Reported:

05 Apr 2014

Affected Packages:

openssh

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 742513.
In Mitre's CVE dictionary: CVE-2014-2532, CVE-2014-2653.

More information:

Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems:

• CVE-2014-2532

  Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable that contains the characters before the wildcard character.

• CVE-2014-2653

  Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

  Note that a host verification prompt is still displayed before connecting.

For the oldstable distribution (squeeze), these problems have been fixed in version 1:5.5p1-6+squeeze5.

For the stable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1:6.6p1-1.

We recommend that you upgrade your openssh packages.