Candidate: CVE-2011-0539
PublicDate: 2011-02-10 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0539
 http://www.openssh.com/txt/legacy-cert.adv
Description:
 The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when
 generating legacy certificates using the -t command-line option in
 ssh-keygen, does not initialize the nonce field, which might allow remote
 attackers to obtain sensitive stack memory contents or make it easier to
 conduct hash collision attacks.
Ubuntu-Description:
Notes:
 jdstrand> only version 5.6 and 5.7
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_openssh:
upstream_openssh: released (5.8p1)
dapper_openssh: not-affected
hardy_openssh: not-affected
karmic_openssh: not-affected
lucid_openssh: not-affected
maverick_openssh: not-affected (1:5.5p1-4ubuntu5)
devel_openssh: not-affected (1:5.8p1-1ubuntu1)