Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Slackware 10.2: 2006-272-02 Moderate: OpenSSH Denial Of Service Issue

slackware
Calendar Grey September 29, 2006
Dist Slackware Esm H88
Fresh OpenSSH updates available for Slackware, tackling significant security vulnerabilities; find comprehensive information on enhancements and installation procedures here.
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues

Summary

Here are the details from the Slackware 10.2 ChangeLog: patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz: Upgraded to openssh-4.4p1. This fixes a few security related issues. From the release notes found at https://www.openssh.org/txt/release-4.4 * Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired. * Fix an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. Links to

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service package update security fix slackware openssh

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab () for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware -current:


MD5 Signatures

Slackware 8.1 package: 0a42fb286fd722f019dfc5f167d69ced openssh-4.4p1-i386-1_slack8.1.tgz
Slackware 9.0 package: 92563664845d902251d7b19254b3dda1 openssh-4.4p1-i386-1_slack9.0.tgz
Slackware 9.1 package: 5814a00eefa0b1e1fe7673862525788e openssh-4.4p1-i486-1_slack9.1.tgz
Slackware 10.0 package: 24ce8b2013b8759a173e5ccd7db54289 openssh-4.4p1-i486-1_slack10.0.tgz
Slackware 10.1 package: e7950e6a357871092514ce07051f055e openssh-4.4p1-i486-1_slack10.1.tgz
Slackware 10.2 package: b8d2d67276a662de40d6adf9bfe00bce openssh-4.4p1-i486-1_slack10.2.tgz
Slackware -current package: 6f2c30b503db9685180af6f4a87eadcc openssh-4.4p1-i486-1.tgz

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory denial of service package update security fix slackware openssh

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg openssh-4.4p1-i486-1_slack10.2.tgz If you are running an sshd daemon, restart it: sh /etc/rc.d/rc.sshd restart

Related News

Your message here