Debian: 'openssh' vulnerability | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

- ------------------------------------------------------------------------
Debian Security Advisory                             [email protected] 
https://www.debian.org/security/                         Wichert Akkerman
November 18, 2000
- ------------------------------------------------------------------------


Package        : openssh
Problem type   : remote exploit
Debian-specific: no

The adv.fwd security advisory from OpenBSD reported a problem
with openssh that Jacob Langseth <[email protected]> found: when
the connection is established the remote ssh server can force
the ssh client to enable agent and X11 forwarding.

This has been fixed in version 1.2.3-9.1 and we recommend
that you upgrade your openssh packages immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------
  
  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  Packages for sparc are not available at this moment; they
  will be announced later at  https://security.debian.org/
  
  Source archives:
 
https://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.diff.gz 
      MD5 checksum: 720a7ee40f334b5704a8acbc260ae0dc
 
https://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.dsc     
      MD5 checksum: e0c0987ec4e7b8eccd98dabbe75ea231
 
https://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3.orig.tar.gz 
      MD5 checksum: 6aad0cc9ceca55f138ed1ba4cf660349
  
  Architecture indendent archives:
    
https://security.debian.org/dists/stable/updates/main/binary-all/ssh-askpass-ptk_1.2.3-9.1_all.deb
      MD5 checksum: cb2bfd756f5d4fd52ae4656f9bd61420

  Alpha architecture:
    
https://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.1_alpha.deb
      MD5 checksum: a8b51ca7b67cb0e5aeedac4fa301d18c
    
https://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.1_alpha.deb
      MD5 checksum: bb58e19e240adfe940fbebe2364f6f35

  ARM architecture:
    
https://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.1_arm.deb
      MD5 checksum: 543e76b02e7cfdb35f9b92365dc4610b
    
https://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.1_arm.deb
      MD5 checksum: ed70bc90de326bfec9899f4ed0ac5b6d

  Intel ia32 architecture:
    
https://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.1_i386.deb
      MD5 checksum: a03ebc405c792bbef06d4f3235f0a0d3
    
https://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.1_i386.deb
      MD5 checksum: c1dfbadec6f9ef38b1ed9391bb1e8c52

  Motorola 680x0 architecture:
    
https://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.1_m68k.deb
      MD5 checksum: dcdffa2a00132500621d4eb32ecbae9a
    
https://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.1_m68k.deb
      MD5 checksum: e0059e6bfe72a14a18803a507884d194

  PowerPC architecture:
    
https://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.1_powerpc.deb
      MD5 checksum: 4354d03dc3030da57bb1ce91fac6247a
    
https://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.1_powerpc.deb
      MD5 checksum: 5419aab89a4270933849430efdc0c3d2


  These files will be moved into
   ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- -- 
- ----------------------------------------------------------------------------
apt-get: deb  https://security.debian.org/ stable/updates main
dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]

Debian: 'openssh' vulnerability

November 18, 2000

Summary

Package : openssh
Problem type : remote exploit
Debian-specific: no

The adv.fwd security advisory from OpenBSD reported a problem
with openssh that Jacob Langseth <[email protected]> found: when
the connection is established the remote ssh server can force
the ssh client to enable agent and X11 forwarding.

This has been fixed in version 1.2.3-9.1 and we recommend
that you upgrade your openssh packages immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Packages for sparc are not available at this moment; they
will be announced later at https://security.debian.org/

Source archives:

https://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.diff.gz
MD5 checksum: 720a7ee40f334b5704a8acbc260ae0dc

https://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.dsc
MD5 checksum: e0c0987ec4e7b8eccd98dabbe75ea231

https://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3.orig.tar.gz
MD5 checksum: 6aad0cc9ceca55f138ed1ba4cf660349

Architecture indendent archives:

https://security.debian.org/dists/stable/updates/main/binary-all/ssh-askpass-ptk_1.2.3-9.1_all.deb
MD5 checksum: cb2bfd756f5d4fd52ae4656f9bd61420

Alpha architecture:

https://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.1_alpha.deb
MD5 checksum: a8b51ca7b67cb0e5aeedac4fa301d18c

https://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.1_alpha.deb
MD5 checksum: bb58e19e240adfe940fbebe2364f6f35

ARM architecture:

https://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.1_arm.deb
MD5 checksum: 543e76b02e7cfdb35f9b92365dc4610b

https://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.1_arm.deb
MD5 checksum: ed70bc90de326bfec9899f4ed0ac5b6d

Intel ia32 architecture:

https://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.1_i386.deb
MD5 checksum: a03ebc405c792bbef06d4f3235f0a0d3

https://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.1_i386.deb
MD5 checksum: c1dfbadec6f9ef38b1ed9391bb1e8c52

Motorola 680x0 architecture:

https://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.1_m68k.deb
MD5 checksum: dcdffa2a00132500621d4eb32ecbae9a

https://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.1_m68k.deb
MD5 checksum: e0059e6bfe72a14a18803a507884d194

PowerPC architecture:

https://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.1_powerpc.deb
MD5 checksum: 4354d03dc3030da57bb1ce91fac6247a

https://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.1_powerpc.deb
MD5 checksum: 5419aab89a4270933849430efdc0c3d2


These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- --
apt-get: deb https://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]





Severity

News

Advisories

HOWTOs

Features

An Enterprise’s Guide To Strengthening Linux Cloud Security
Keeping Your Private Files Private: An Introduction to GNU Privacy Guard
Complete Guide to Ethical Hacking
Authoritative Guide on Linux Disk Encryption
Linux Database Security Tips

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy