Stay Secure with the Latest Linux Advisories

security advisorycriticaldebian

Debian Sparc: DSA-025-2 Critical: OpenSSH LibSSL Mislinking

A former security upload of OpenSSH was linked against the wrongversion of libssl (providing an API to SSL), that version was notavailable on sparc.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------------- Debian Security Advisory DSA-025-2 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Martin Schulze January 28, 2001 - ---------------------------------------------------------------------------- Package : openssh Vulnerability : Wrong libSSL Debian-specific: yes A former security upload of OpenSSH was linked against the wrong version of libssl (providing an API to SSL), that version was not available on sparc. This ought to fix a former upload that lacked support for PAM which lead into people not being able to log in into their server. This was only a problem on the sparc architecture. We recommend you upgrade your ssh packages on sparc. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - ------------------------------------ Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. This is only a (though second) recompile for the sparc architecture and thus no new source and no other binary packages are provided Sun Sparc architecture: MD5 checksum: 3e94a9e0fae272c73d94f8eebc12856b MD5 checksum: 07f1d7d62c50f47f47061da201d20a2c These files will be moved into soon. For not yet released architectures please refer to the appropriate directory . - ---------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see The GNU Privacy Guard iD8DBQE6dGWbW5ql+IAeqTIRAqNlAKCZD3+t9Mg7UR/5y5ELtEql/z8D0wCeNOta RgXUuwteoZU2K2tr5xqHTQU=bcZr -----END PGP SIGNATURE----- . To fix the libSSL issue on Sparc CPUs, upgrade your Debian OpenSSH. Install the latest OpenSSL, apply Sparc-targeted updates, and recompile OpenSSH.. Debian, OpenSSH Update, Sparc, LibSSL Fix, Security Patch. . Severity: Critical. LinuxSecurity.com Team

Jan 28, 2001 •Critical Debian