Debian: ssh Multiple additional vulnerabilities

    Date21 Sep 2003
    CategoryDebian
    2038
    Posted ByLinuxSecurity Advisories
    This advisory is an addition to the earlier DSA-382-1 and DSA-382-3advisories: Solar Designer found four more bugs in OpenSSH that may beexploitable.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-382-3                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                         Wichert Akkerman
    September 21, 2003
    - ------------------------------------------------------------------------
    
    
    Package        : ssh
    Vulnerability  : buffer handling
    Problem type   : possible remote
    Debian-specific: no
    CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682
    
    This advisory is an addition to the earlier DSA-382-1 and DSA-382-3
    advisories: Solar Designer found four more bugs in OpenSSH that may be
    exploitable.
    
    For the Debian stable distribution these bugs have been fixed in version
    1:3.4p1-1.woody.3 .
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
          Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
         http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.diff.gz
          Size/MD5 checksum:    36523 b264717da79efedfbaaecfede3ec5934
         http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.dsc
          Size/MD5 checksum:     1350 bf5970e940e1d5bf7345a1d9e778d7f4
    
      alpha architecture (DEC Alpha)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_alpha.deb
          Size/MD5 checksum:    35900 634340333420155ddaf6f70fab3fbd59
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_alpha.deb
          Size/MD5 checksum:   850196 c9e82af3e9f16941c64d0ae478e1f184
    
      arm architecture (ARM)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_arm.deb
          Size/MD5 checksum:    35132 b7c3431b949c24cf1c040be28e06fbbf
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_arm.deb
          Size/MD5 checksum:   658324 5ac2853c07e93bc498aadcc63565bb82
    
      hppa architecture (HP PA RISC)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_hppa.deb
          Size/MD5 checksum:   755910 14d426db61713617a1e914bd1c675b07
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_hppa.deb
          Size/MD5 checksum:    35494 714c4e74169c5985ad745f8928d1e831
    
      i386 architecture (Intel ia32)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_i386.deb
          Size/MD5 checksum:    35414 ab621997a28bc30c928c2d317ae0c3a9
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_i386.deb
          Size/MD5 checksum:   642624 a4293645b075984afa600f8094395c2d
    
      ia64 architecture (Intel ia64)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_ia64.deb
          Size/MD5 checksum:  1002720 ac989f421d1de08ce6487060ce231968
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_ia64.deb
          Size/MD5 checksum:    36906 45b3a0b3f0564cc6688fab9bc2bceee1
    
      mipsel architecture (MIPS (Little Endian))
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mipsel.deb
          Size/MD5 checksum:   727514 4b667b3d8306af3eb8073e66932c853d
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mipsel.deb
          Size/MD5 checksum:    35384 2395ff7a07f5d4e255844d0f608a8161
    
      powerpc architecture (PowerPC)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_powerpc.deb
          Size/MD5 checksum:   681524 f8f9c03826fce1dccc16c7d47b93a376
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_powerpc.deb
          Size/MD5 checksum:    35150 b6a0d8c9edf371d118dd32d503102c6c
    
      s390 architecture (IBM S/390)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_s390.deb
          Size/MD5 checksum:   718140 97e5e2e22860eb74d336e2938286d7a7
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_s390.deb
          Size/MD5 checksum:    35786 97f0c72c5d72b61b5fe9c0c2a1d278be
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_sparc.deb
          Size/MD5 checksum:   686130 d44dec2bc9161419f71f769fff78f95b
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_sparc.deb
          Size/MD5 checksum:    35202 1b2eb82ad15a4209237a61000dc63c3c
    - -- 
    - ----------------------------------------------------------------------------
    Debian Security team <This email address is being protected from spambots. You need JavaScript enabled to view it.> 
    http://www.debian.org/security/
    Mailing-List: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    
    iD8DBQE/bfZaPLiSUC+jvC0RAm/eAJoCBZEgxQNjwmUPF/X5nDmzSwdYrwCfQAjQ
    9EzuhfWxLhqW/yZ7Vd1fcjc=
    =DXMK
    -----END PGP SIGNATURE-----
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.