Login
Newsletter
Werbung

Sicherheit: Fehlerhafter Vergleich in openssh
Aktuelle Meldungen Distributionen
Name: Fehlerhafter Vergleich in openssh
ID:
Distribution: Slackware
Plattformen: Slackware -current, Slackware 8.0
Datum: Sa, 9. März 2002, 12:00
Referenzen: Keine Angabe
Applikationen: Portable OpenSSH

Originalnachricht

New openssh packages are available to fix security problems.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Thu Mar 7 12:00:18 PST 2002
patches/packages/openssh.tgz: Upgraded to openssh-3.1p1.

This fixes a security problem in the openssh package. All sites running
OpenSSH should upgrade immediately.

All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error
in the channel code. OpenSSH 3.1 and later are not affected. This bug can
be exploited locally by an authenticated user logging into a vulnerable
OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH
client. This bug was discovered by Joost Pol <joost@pine.nl>

(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated openssh package for Slackware 8.0:
openssh.tgz

Updated openssh package for Slackware -current:
openssh-3.1p1-i386-1.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 8.0:
1db0be2661cc1640aaa5797f9eb366db openssh.tgz

Slackware -current:
d7686a09c398a76b0d0638c8dae615ef openssh-3.1p1-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, stop sshd:
# /etc/rc.d/rc.sshd stop

Next, upgrade to the new openssh.tgz package:
# upgradepkg openssh.tgz

Finally, restart sshd:
# /etc/rc.d/rc.sshd start


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung