Re: [Bug 230344] Re: bug in ssh-vulnkey - ref USN-612-2
*** This bug is a duplicate of bug 230029 *** https://bugs.launchpad.net/bugs/230029 On Wed, May 14, 2008 at 04:03:01PM -, Kees Cook wrote: *** This bug is a duplicate of bug 230029 *** https://bugs.launchpad.net/bugs/230029 ** This bug has been marked a duplicate of bug 230029 ssh-vulnkey overlooks keys which have options in authorized_keys Great, I am happy that it has also been fixed. However, this the second time that this duplication happened to me and I DID check before posting whether there was anything already reported about the problem. I used launchpad search facility to find related reports and nothing came up. Now I am wondering why, is there a delay, am I doing something wrong? Peter -- bug in ssh-vulnkey - ref USN-612-2 https://bugs.launchpad.net/bugs/230344 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu (via bug 230029). -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 230344] [NEW] bug in ssh-vulnkey - ref USN-612-2
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: openssh-blacklist The ssh-vulnkey program doesn't correctly parse authorized_keys files resulting in missing compromised keys. This bug manifests itself when the option field has parameters containing space. Some options, most importantly command, can contain space in quoted strings. Here is an example showing two lines of an authorized_keys file with the same compromised key: command=hg-ssh ~/repos/ddb,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa B3NzaC1yc2EBIwAA... no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa B3NzaC1yc2EBIwAA... Only the second line reported as compromised. The option field is frequently used to (fine) control access to sshd hosts, so this bug seriously undermines the usefulness of ssh-vulnkey. Peter ** Affects: openssh-blacklist (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- bug in ssh-vulnkey - ref USN-612-2 https://bugs.launchpad.net/bugs/230344 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 230344] Re: bug in ssh-vulnkey - ref USN-612-2
*** This bug is a duplicate of bug 230029 *** https://bugs.launchpad.net/bugs/230029 On Wed, May 14, 2008 at 04:03:01PM -, Kees Cook wrote: *** This bug is a duplicate of bug 230029 *** https://bugs.launchpad.net/bugs/230029 ** This bug has been marked a duplicate of bug 230029 ssh-vulnkey overlooks keys which have options in authorized_keys Great, I am happy that it has also been fixed. However, this the second time that this duplication happened to me and I DID check before posting whether there was anything already reported about the problem. I used launchpad search facility to find related reports and nothing came up. Now I am wondering why, is there a delay, am I doing something wrong? Peter -- bug in ssh-vulnkey - ref USN-612-2 https://bugs.launchpad.net/bugs/230344 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 222108] [NEW] md5sum check fails on wubi.exe in Hardy
*** This bug is a security vulnerability *** Public security bug reported: The md5sum check fails on wubi.exe downloaded from Hardy's release sites. The MD5SUM file reports it as cdd32124f23b455b0aa22cc3ff35ff35 but the actual md5sum is a96aa69961f3ed80dd7a88fae1e28196. ** Affects: ubuntu Importance: Undecided Status: New ** Visibility changed to: Public -- md5sum check fails on wubi.exe in Hardy https://bugs.launchpad.net/bugs/222108 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
