Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Why I Ditched Linux for Samsung DeX

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Good Advice

Straight frwd run archinstall 3.0.0 crashes in pipewiire section

Hyprland 0.45.0 has just been released for Arch Linux based

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Debian alert: OpenSSH buffer management fix

Posted by dave on Sep 21, 2003 11:05 AM EDT
Mailing list

Mail this story
Print this story

This advisory is an addition to the earlier DSA-382-1 and DSA-382-3 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-382-3                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
September 21, 2003
- ------------------------------------------------------------------------


Package        : ssh
Vulnerability  : buffer handling
Problem type   : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682

This advisory is an addition to the earlier DSA-382-1 and DSA-382-3
advisories: Solar Designer found four more bugs in OpenSSH that may be
exploitable.

For the Debian stable distribution these bugs have been fixed in version
1:3.4p1-1.woody.3 .


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
      Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.diff.gz
      Size/MD5 checksum:    36523 b264717da79efedfbaaecfede3ec5934
    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.dsc
      Size/MD5 checksum:     1350 bf5970e940e1d5bf7345a1d9e778d7f4

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_alpha.deb
      Size/MD5 checksum:    35900 634340333420155ddaf6f70fab3fbd59
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_alpha.deb
      Size/MD5 checksum:   850196 c9e82af3e9f16941c64d0ae478e1f184

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_arm.deb
      Size/MD5 checksum:    35132 b7c3431b949c24cf1c040be28e06fbbf
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_arm.deb
      Size/MD5 checksum:   658324 5ac2853c07e93bc498aadcc63565bb82

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_hppa.deb
      Size/MD5 checksum:   755910 14d426db61713617a1e914bd1c675b07
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_hppa.deb
      Size/MD5 checksum:    35494 714c4e74169c5985ad745f8928d1e831

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_i386.deb
      Size/MD5 checksum:    35414 ab621997a28bc30c928c2d317ae0c3a9
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_i386.deb
      Size/MD5 checksum:   642624 a4293645b075984afa600f8094395c2d

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_ia64.deb
      Size/MD5 checksum:  1002720 ac989f421d1de08ce6487060ce231968
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_ia64.deb
      Size/MD5 checksum:    36906 45b3a0b3f0564cc6688fab9bc2bceee1

  mipsel architecture (MIPS (Little Endian))

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mipsel.deb
      Size/MD5 checksum:   727514 4b667b3d8306af3eb8073e66932c853d
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mipsel.deb
      Size/MD5 checksum:    35384 2395ff7a07f5d4e255844d0f608a8161

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_powerpc.deb
      Size/MD5 checksum:   681524 f8f9c03826fce1dccc16c7d47b93a376
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_powerpc.deb
      Size/MD5 checksum:    35150 b6a0d8c9edf371d118dd32d503102c6c

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_s390.deb
      Size/MD5 checksum:   718140 97e5e2e22860eb74d336e2938286d7a7
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_s390.deb
      Size/MD5 checksum:    35786 97f0c72c5d72b61b5fe9c0c2a1d278be

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_sparc.deb
      Size/MD5 checksum:   686130 d44dec2bc9161419f71f769fff78f95b
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_sparc.deb
      Size/MD5 checksum:    35202 1b2eb82ad15a4209237a61000dc63c3c
- -- 
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/bfZaPLiSUC+jvC0RAm/eAJoCBZEgxQNjwmUPF/X5nDmzSwdYrwCfQAjQ
9EzuhfWxLhqW/yZ7Vd1fcjc=
=DXMK
-----END PGP SIGNATURE-----

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software