Slackware: openssh Buffer management error

    Date16 Sep 2003
    CategorySlackware
    2473
    Posted ByLinuxSecurity Advisories
    These fix a buffer management error found in versions ofOpenSSH earlier than 3.7. The possibility exists that this errorcould allow a remote exploit, so we recommend all sites runningOpenSSH upgrade to the new OpenSSH package immediately.
    
    [slackware-security]  OpenSSH Security Advisory (SSA:2003-259-01)
    
    Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and
    -current.  These fix a buffer management error found in versions of
    OpenSSH earlier than 3.7.  The possibility exists that this error
    could allow a remote exploit, so we recommend all sites running
    OpenSSH upgrade to the new OpenSSH package immediately.
    
    
    Here are the details from the Slackware 9.0 ChangeLog:
    +--------------------------+
    Tue Sep 16 11:13:05 PDT 2003
    patches/packages/openssh-3.7p1-i386-1.tgz:  Upgraded to openssh-3.7p1.
      From the OpenSSH Security Advisory
       (http://www.openssh.com/txt/buffer.adv):
          "All versions of OpenSSH's sshd prior to 3.7 contain a buffer
           management error.  It is uncertain whether this error is
           potentially exploitable, however, we prefer to see bugs
           fixed proactively."
      (* Security fix *)
    +--------------------------+
    
    
    WHERE TO FIND THE NEW PACKAGES:
    +-----------------------------+
    
    Updated package for Slackware 8.1: 
    ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7p1-i386-1.tgz
    
    Updated package for Slackware 9.0: 
    ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7p1-i386-1.tgz
    
    Updated package for Slackware -current: 
    ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7p1-i486-1.tgz
    
    
    MD5 SIGNATURES:
    +-------------+
    
    Slackware 8.1 package:
    a86d410e47fe8ab4a8e9f04293a94093  openssh-3.7p1-i386-1.tgz
    
    Slackware 9.0 package:
    ca1d0b1e658c5391067f2a9cf11fc239  openssh-3.7p1-i386-1.tgz
    
    Slackware -current package:
    c58003eaaf4362c8475f0f5a77f2adbb  openssh-3.7p1-i486-1.tgz
    
    
    INSTALLATION INSTRUCTIONS:
    +------------------------+
    
    (This procedure is safe to do while logged in through OpenSSH)
    
    Upgrade using upgradepkg (as root):
    # upgradepkg openssh-3.7p1-i386-1.tgz
    
    Restart OpenSSH:
    . /etc/rc.d/rc.sshd restart
    
    
    +-----+
    
    Slackware Linux Security Team 
    http://slackware.com/gpg-key
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":56.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":30.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.