========================================================================== Ubuntu Security Notice USN-3809-2 August 12, 2021 openssh regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: USN-3809-1 introduced a regression in OpenSSH. Software Description: - openssh: secure shell (SSH) for secure access to remote machines Details: USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: openssh-server 1:7.6p1-4ubuntu0.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3809-2 https://ubuntu.com/security/notices/USN-3809-1 https://launchpad.net/bugs/1934501 Package Information: https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.5