Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in openssh
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in openssh
ID: MDKSA-2006:179
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 4.0, Mandriva 2007.0
Datum: Mi, 4. Oktober 2006, 00:24
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
Applikationen: Portable OpenSSH

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1159914267-16860-431


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:179
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openssh
 Date    : October 3, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy of the Google Security Team discovered a Denial of
 Service vulnerability in the SSH protocol version 1 CRC compensation
 attack detector.  This could allow a remote unauthenticated attacker to
 trigger excessive CPU utilization by sending a specially crafted SSH
 message, which would then deny ssh services to other users or processes
 (CVE-2006-4924, CVE-2006-4925).  Please note that Mandriva ships with
 only SSH protocol version 2 enabled by default.

 Next, an unsafe signal handler was found by Mark Dowd.  This signal
 handler was vulnerable to a race condition that could be exploited to
 perform a pre-authentication DoS, and theoretically a
 pre-authentication remote code execution in the case where some
 authentication methods like GSSAPI are enabled (CVE-2006-5051).

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4925
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 1280b30b3520a9ca5c2e6a716a770a0c 
 2006.0/i586/openssh-4.3p1-0.3.20060mdk.i586.rpm
 007b28a957c4537d6ed196d2b2367c1e 
 2006.0/i586/openssh-askpass-4.3p1-0.3.20060mdk.i586.rpm
 280b2c0b27ef2387110d363493be892f 
 2006.0/i586/openssh-askpass-gnome-4.3p1-0.3.20060mdk.i586.rpm
 3a41abc407c20928f672223c67d06c36 
 2006.0/i586/openssh-clients-4.3p1-0.3.20060mdk.i586.rpm
 063589a511985d4127e03c349fa23330 
 2006.0/i586/openssh-server-4.3p1-0.3.20060mdk.i586.rpm 
 6f11187f048ef296607c54c1c92e7c24 
 2006.0/SRPMS/openssh-4.3p1-0.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 68bc6ad235e0534bc57e180b90c33bdb 
 2006.0/x86_64/openssh-4.3p1-0.3.20060mdk.x86_64.rpm
 d0668a2d76eb927afcaa4897fc509f91 
 2006.0/x86_64/openssh-askpass-4.3p1-0.3.20060mdk.x86_64.rpm
 502b3088f7f55d3de57b2278b5452a5a 
 2006.0/x86_64/openssh-askpass-gnome-4.3p1-0.3.20060mdk.x86_64.rpm
 2551d84521716a9b6702a98b9d121b9d 
 2006.0/x86_64/openssh-clients-4.3p1-0.3.20060mdk.x86_64.rpm
 c8627d7e04e87c1e5bed7d0b744b2ad2 
 2006.0/x86_64/openssh-server-4.3p1-0.3.20060mdk.x86_64.rpm 
 6f11187f048ef296607c54c1c92e7c24 
 2006.0/SRPMS/openssh-4.3p1-0.3.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 9687bdb4f2865c2765da0f01efda87ef 
 2007.0/i586/openssh-4.3p2-12.1mdv2007.0.i586.rpm
 40f80b906c0e9ec5d2d6622ce7efc3fd 
 2007.0/i586/openssh-askpass-4.3p2-12.1mdv2007.0.i586.rpm
 b50bae14a353fdd3ca632096467a51cd 
 2007.0/i586/openssh-askpass-common-4.3p2-12.1mdv2007.0.i586.rpm
 0d393f5af4f97c0ca2073c3f11628a40 
 2007.0/i586/openssh-askpass-gnome-4.3p2-12.1mdv2007.0.i586.rpm
 084d0fa10aa7daa1aaea59cb2efc9494 
 2007.0/i586/openssh-clients-4.3p2-12.1mdv2007.0.i586.rpm
 07f0a46845c178b78549c0734074407f 
 2007.0/i586/openssh-server-4.3p2-12.1mdv2007.0.i586.rpm 
 c9ccf40372c7c2b0eca968aec9f9385d 
 2007.0/SRPMS/openssh-4.3p2-12.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 a1ed25a9f53038434574b3ce921eac1a 
 2007.0/x86_64/openssh-4.3p2-12.1mdv2007.0.x86_64.rpm
 d9acf43a28f105d80fcd7a12535efdda 
 2007.0/x86_64/openssh-askpass-4.3p2-12.1mdv2007.0.x86_64.rpm
 ed6488abb9c621dab762307136493969 
 2007.0/x86_64/openssh-askpass-common-4.3p2-12.1mdv2007.0.x86_64.rpm
 ef48a28c45ec44dc1f20eb0ee26f4877 
 2007.0/x86_64/openssh-askpass-gnome-4.3p2-12.1mdv2007.0.x86_64.rpm
 80c7ee2ccb6ac35fe1b893cb58b092cd 
 2007.0/x86_64/openssh-clients-4.3p2-12.1mdv2007.0.x86_64.rpm
 217eb2fbf7574aa34a592e54d527f8dd 
 2007.0/x86_64/openssh-server-4.3p2-12.1mdv2007.0.x86_64.rpm 
 c9ccf40372c7c2b0eca968aec9f9385d 
 2007.0/SRPMS/openssh-4.3p2-12.1mdv2007.0.src.rpm

 Corporate 3.0:
 08ee3d3de53563481a748d8b4d9f5e5b 
 corporate/3.0/i586/openssh-4.3p1-0.2.C30mdk.i586.rpm
 bb472724a2e1afce4b2d526f75d65d3e 
 corporate/3.0/i586/openssh-askpass-4.3p1-0.2.C30mdk.i586.rpm
 cdcf5e37768032e2c6599d219493db0c 
 corporate/3.0/i586/openssh-askpass-gnome-4.3p1-0.2.C30mdk.i586.rpm
 1909a018d6883df234a2bb41072a839b 
 corporate/3.0/i586/openssh-clients-4.3p1-0.2.C30mdk.i586.rpm
 fc516bf57f9faf0168fef9638f1f7546 
 corporate/3.0/i586/openssh-server-4.3p1-0.2.C30mdk.i586.rpm 
 b6c94995c4c1408a1d72b6fb1956e7c1 
 corporate/3.0/SRPMS/openssh-4.3p1-0.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 dab1069ffd0d206b230872ce11d6ef32 
 corporate/3.0/x86_64/openssh-4.3p1-0.2.C30mdk.x86_64.rpm
 940a582fce6836589755ceea2d494421 
 corporate/3.0/x86_64/openssh-askpass-4.3p1-0.2.C30mdk.x86_64.rpm
 ee2543c6210ce8294e586305aa950c0e 
 corporate/3.0/x86_64/openssh-askpass-gnome-4.3p1-0.2.C30mdk.x86_64.rpm
 236f5b3229aebf958a7726f861f5c279 
 corporate/3.0/x86_64/openssh-clients-4.3p1-0.2.C30mdk.x86_64.rpm
 245fa68997db318e68b27c1d47a19219 
 corporate/3.0/x86_64/openssh-server-4.3p1-0.2.C30mdk.x86_64.rpm 
 b6c94995c4c1408a1d72b6fb1956e7c1 
 corporate/3.0/SRPMS/openssh-4.3p1-0.2.C30mdk.src.rpm

 Corporate 4.0:
 cd934818457b0e688c5e49e16e022e03 
 corporate/4.0/i586/openssh-4.3p1-0.3.20060mlcs4.i586.rpm
 3d14fc47de98f81e803755f80df948c1 
 corporate/4.0/i586/openssh-askpass-4.3p1-0.3.20060mlcs4.i586.rpm
 03f2d3a6089b5a2d5abcf3ceffeecdc1 
 corporate/4.0/i586/openssh-askpass-gnome-4.3p1-0.3.20060mlcs4.i586.rpm
 37a2a56723f5dc119acce62df2759749 
 corporate/4.0/i586/openssh-clients-4.3p1-0.3.20060mlcs4.i586.rpm
 331331d9843f490c6e98c28d54b42ca9 
 corporate/4.0/i586/openssh-server-4.3p1-0.3.20060mlcs4.i586.rpm 
 988d0f895a34d6a71e69f7ec12bd45f0 
 corporate/4.0/SRPMS/openssh-4.3p1-0.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5bdd94f5242c68fe0b490c13cbd08ea0 
 corporate/4.0/x86_64/openssh-4.3p1-0.3.20060mlcs4.x86_64.rpm
 48874aea14500ca90da22dcdfab029f8 
 corporate/4.0/x86_64/openssh-askpass-4.3p1-0.3.20060mlcs4.x86_64.rpm
 4f7a3fc780511ead79932bbdf5e64b61 
 corporate/4.0/x86_64/openssh-askpass-gnome-4.3p1-0.3.20060mlcs4.x86_64.rpm
 d99aa2e584d3e58cf40e49c99d9ce3a6 
 corporate/4.0/x86_64/openssh-clients-4.3p1-0.3.20060mlcs4.x86_64.rpm
 6a622455fc895b7b30d049d799207f19 
 corporate/4.0/x86_64/openssh-server-4.3p1-0.3.20060mlcs4.x86_64.rpm 
 988d0f895a34d6a71e69f7ec12bd45f0 
 corporate/4.0/SRPMS/openssh-4.3p1-0.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 6da5f9bf7f28e8017133a4f5fa72651f 
 mnf/2.0/i586/openssh-4.3p1-0.2.M20mdk.i586.rpm
 3b5fce9c7d8a67a179bb40c3c537f160 
 mnf/2.0/i586/openssh-askpass-4.3p1-0.2.M20mdk.i586.rpm
 7ff70b823d0fa18677447a90bb3ea503 
 mnf/2.0/i586/openssh-askpass-gnome-4.3p1-0.2.M20mdk.i586.rpm
 434e7b3885a37ce4d72ed7f2fd3d9342 
 mnf/2.0/i586/openssh-clients-4.3p1-0.2.M20mdk.i586.rpm
 1772c26f342a5d8b00c3894cdf6ad514 
 mnf/2.0/i586/openssh-server-4.3p1-0.2.M20mdk.i586.rpm 
 2d96693d80c25155b97272596da9aabe 
 mnf/2.0/SRPMS/openssh-4.3p1-0.2.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFIrMhmqjQ0CJFipgRAgorAKCOcYilSXP6Kb9+YvEPo+cCQqNU4ACg34yT
q/lGk643+mKj9Xi4CNcCHS8=
=ztdc
-----END PGP SIGNATURE-----


------------=_1159914267-16860-431
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1159914267-16860-431--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung