Release Info

Advisory: CLSA-2024:1707420378

OS: Ubuntu 16.04 ELS

Public date: 2024-02-08 14:26:20

Project: openssh

Version: 2:7.2p2-4ubuntu2.10+tuxcare.els5

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2024-1707420378.html

Changelog

* SECURITY UPDATE: it's possible to remove the initial messages on the secure channel without causing a MAC failure - debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in ssh and sshd - CVE-2023-48795

Update

Update command: apt-get update apt-get --only-upgrade install openssh*

Packages list

openssh-client_7.2p2-4ubuntu2.10+tuxcare.els5_amd64.deb openssh-client-ssh1_7.2p2-4ubuntu2.10+tuxcare.els5_amd64.deb openssh-server_7.2p2-4ubuntu2.10+tuxcare.els5_amd64.deb openssh-sftp-server_7.2p2-4ubuntu2.10+tuxcare.els5_amd64.deb ssh_7.2p2-4ubuntu2.10+tuxcare.els5_all.deb ssh-askpass-gnome_7.2p2-4ubuntu2.10+tuxcare.els5_amd64.deb ssh-krb5_7.2p2-4ubuntu2.10+tuxcare.els5_all.deb

CVEs

CVE-2023-48795