OpenSSL vulnerability

[todb]

By the way, there's an overly restrictive dependency for openssh-server:

Code:

todb@mazikeen:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run `apt-get -f install' to correct these.
The following packages have unmet dependencies:
  openssh-server: Depends: openssh-client (= 1:4.6p1-5ubuntu0.2) but 1:4.6p1-5ubuntu0.3 is installed
E: Unmet dependencies. Try using -f.
todb@mazikeen:~$

This should be fixed when the package is fixed to correct the bad template bug.

[rescdsk]

Any ideas about how to check for bad OpenVPN keys? dowkd.pl doesn't seem to be able to read the key/pem/csr/crt/whatever files.

[CheShA]

I presume they are hurriedly pushing out an update which has something to do with the broken version of ssh that the repos are currently trying to feed me. Bad time to try upgrading...

Code:

Unpacking openssh-server (from .../openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb) ...
Template #4 in /var/lib/dpkg/tmp.ci/templates has a duplicate field "template" with new value "ssh/vulnerable_host_keys". Probably two templates are not properly separated by a lone newline.
dpkg: error processing /var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb (--unpack):

[Joshua Swink]

Help, openssh-server won't upgrade:

Code:

Selecting previously deselected package openssh-server.
(Reading database ... 170739 files and directories currently installed.)
Unpacking openssh-server (from .../openssh-server_1%3a4.6p1-5ubuntu0.3_i386.deb) ...
Template #4 in /var/lib/dpkg/tmp.ci/templates has a duplicate field "template" with new value "ssh/vulnerable_host_keys". Probably two templates are not properly separated by a lone newline.
dpkg: error processing /var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_i386.deb (--unpack):
 subprocess pre-installation script returned error exit status 255
Errors were encountered while processing:
 /var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

A workaround would be greatly appreciated. This is in Ubuntu 7.10.

[DarkHelmet]

I just tried the upgrade as well, and the install script for openssh-server is not working.

below is the error I get:

root@keekles:/etc/apache2/mods-enabled# apt-get install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
ssh-askpass xbase-clients rssh molly-guard
The following packages will be upgraded:
openssh-server
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 0B/250kB of archives.
After unpacking 4096B of additional disk space will be used.
Preconfiguring packages ...
openssh-server template parse error: Template #4 in /tmp/openssh-server.template.37030 has a duplicate field "template" with new value "ssh/vulnerable_host_keys". Probably two templates are not properly separated by a lone newline.

(Reading database ... 32381 files and directories currently installed.)
Preparing to replace openssh-server 1:4.6p1-5ubuntu0.2 (using .../openssh-server_1%3a4.6p1-5ubuntu0.3_i386.deb) ...
Template #4 in /var/lib/dpkg/tmp.ci/templates has a duplicate field "template" with new value "ssh/vulnerable_host_keys". Probably two templates are not properly separated by a lone newline.
dpkg: error processing /var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_i386.deb (--unpack):
subprocess pre-installation script returned error exit status 255
Errors were encountered while processing:
/var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@keekles:/etc/apache2/mods-enabled#

[todb]

Correct. Please see Comment 11. openssh-server's deb package is currently nonfunctional for at least two reasons, so you'll want to wait a bit before trying to upgrade.

[sunbird]

I am not running ssh server, just the client, and I have some trouble with the upgrade.

I downloaded the packages listed here and all of them installed except for libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.1 for which I get the following:

Code:

$ sudo dpkg -i libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.1_amd64.udeb 
(Reading database ... 115335 files and directories currently installed.)
Unpacking libcrypto0.9.8-udeb (from libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.1_amd64.udeb) ...
dpkg: error processing libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.1_amd64.udeb (--install):
 trying to overwrite `/usr/lib/libcrypto.so.0.9.8', which is also in package libssl0.9.8
dpkg-deb: subprocess paste killed by signal (Broken pipe)
Errors were encountered while processing:
 libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.1_amd64.udeb

Any help?

[rescdsk]

I am not running ssh server, just the client, and I have some trouble with the upgrade.

Code:

$ sudo dpkg -i libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.1_amd64.udeb

Any help?

That one is a udeb --- those are used in the installer, you don't need them on a complete system.

[glotz]

At http://www.ubuntu.com/usn/usn-612-2 it says you'll have to jump thru 5 hoops because of this problem. What about the millions of users that don't happen to read this announcement?

[fishtoprecords]

anyone know where to find the magic fix program:
ssh-vulnkey

as mentioned in the releases.