
Slackware 12.0: 2007-255-01 Moderate: Openssh Security Fix

September 12, 2007
Enhanced OpenSSH packages for Slackware resolve security vulnerabilities and boost efficiency with specific encryption algorithms.
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix a possible security issue.

Summary

Here are the details from the Slackware 12.0 ChangeLog:

patches/packages/openssh-4.7p1-i486-1_slack12.0.tgz: Upgraded to openssh-4.7p1.

From the OpenSSH release notes: "Security bugs resolved in this release: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec."

While it's fair to say that we here at Slackware don't see how this could be leveraged to compromise a system, a) the OpenSSH people (who presumably understand the code better) characterize this as a security bug, b) it has been assigned a CVE entry, and c) OpenSSH is one of the most commonly used network daemons. Better safe than sorry.

More information should appear here eventually: https://www.cve.org/CVERecord?id=CVE-2007-4752

(* Security fix *)

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:

MD5 Signatures

Slackware 8.1 package: 25e0189c2bc95eea8bb16765754ecea1 openssh-4.7p1-i386-1_slack8.1.tgz
Slackware 9.0 package: 7505d255c41ef230253c717cc26ccbdb openssh-4.7p1-i386-1_slack9.0.tgz
Slackware 9.1 package: df85c1d9b38e013299a3836bb9c27132 openssh-4.7p1-i486-1_slack9.1.tgz
Slackware 10.0 package: da0ca9a9fe19b6a957841c713f1741c3 openssh-4.7p1-i486-1_slack10.0.tgz
Slackware 10.1 package: bde00df8778cd0493c3c0b725723a0c8 openssh-4.7p1-i486-1_slack10.1.tgz
Slackware 10.2 package: 882aefa12a491338232d062e1ae3a728 openssh-4.7p1-i486-1_slack10.2.tgz
Slackware 11.0 package: 3a39b28ceffc200fee92ebe78e259e92 openssh-4.7p1-i486-1_slack11.0.tgz
Slackware 12.0 package: 405be96f426dde59c0fd0cb55eaa555f openssh-4.7p1-i486-1_slack12.0.tgz

Severity
important


Installation Instructions

Upgrade the package as root:

# upgradepkg openssh-4.7p1-i486-1_slack12.0.tgz
