Slackware alert: OpenSSH Security Advisory (SSA:2003-259-01)

Posted by dave on Sep 16, 2003 11:39 AM EDT
Mailing list
Mail this story
Print this story

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and - -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and - -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

Here are the details from the Slackware 9.0 ChangeLog: +--------------------------+ Tue Sep 16 11:13:05 PDT 2003 patches/packages/openssh-3.7p1-i386-1.tgz: Upgraded to openssh-3.7p1. From the OpenSSH Security Advisory (http://www.openssh.com/txt/buffer.adv): "All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." (* Security fix *) +--------------------------+

WHERE TO FIND THE NEW PACKAGES: +-----------------------------+

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7p1-i386-1.tgz

Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7p1-i386-1.tgz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7p1-i486-1.tgz

MD5 SIGNATURES: +-------------+

Slackware 8.1 package: a86d410e47fe8ab4a8e9f04293a94093 openssh-3.7p1-i386-1.tgz

Slackware 9.0 package: ca1d0b1e658c5391067f2a9cf11fc239 openssh-3.7p1-i386-1.tgz

Slackware -current package: c58003eaaf4362c8475f0f5a77f2adbb openssh-3.7p1-i486-1.tgz

INSTALLATION INSTRUCTIONS: +------------------------+

(This procedure is safe to do while logged in through OpenSSH)

Upgrade using upgradepkg (as root): # upgradepkg openssh-3.7p1-i386-1.tgz

Restart OpenSSH: . /etc/rc.d/rc.sshd restart

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/Z1e9akRjwEAQIjMRAmufAJ9LzlDM92HI9GHUD6VBb7XszGvnQwCfd9cf REvURD6OFDRCs4EhBQUsnuk= =7iqn -----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.