[Bug 1732172] Re: [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jan 10 16:00:05 UTC 2018
Hi,
Thanks for commenting on this issue.
We have rated CVE-2016-10009 as a low-priority issue because an attacker
would need to control both the forwarded agent socket and write access
to the filesystem of the host running the agent, an unlikely scenario.
Other Linux distributions have also rated it similarly and have not
rolled out updates to fix the issue.
That being said, we will be including the fix in our next round of
OpenSSH security updates once a more important issue comes up.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1732172
Title:
[CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04
Status in openssh package in Ubuntu:
Incomplete
Bug description:
Does anyone know when the following OpenSSH venerabilities will be
patched on Ubuntu 14.04
CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012,
CVE-2016-8858
As these are coming up repeatedly on or security scans
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1732172/+subscriptions
More information about the foundations-bugs
mailing list