Login
Newsletter
Werbung
Sicherheit: Fehlerhafter Vergleich in openssh
Aktuelle Meldungen Distributionen
Name: Fehlerhafter Vergleich in openssh
ID:
Distribution: Slackware
Plattformen: Slackware -current, Slackware 8.0
Datum: Sa, 9. März 2002, 12:00
Referenzen: Keine Angabe
Applikationen: Portable OpenSSH

Originalnachricht

 
New openssh packages are available to fix security problems.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Thu Mar  7 12:00:18 PST 2002
patches/packages/openssh.tgz:  Upgraded to openssh-3.1p1.

  This fixes a security problem in the openssh package.  All sites running
  OpenSSH should upgrade immediately.

  All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error
  in the channel code.  OpenSSH 3.1 and later are not affected.  This bug can
  be exploited locally by an authenticated user logging into a vulnerable
  OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH
  client.  This bug was discovered by Joost Pol <joost@pine.nl>

(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated openssh package for Slackware 8.0:
openssh.tgz

Updated openssh package for Slackware -current:
openssh-3.1p1-i386-1.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 8.0:
1db0be2661cc1640aaa5797f9eb366db  openssh.tgz

Slackware -current:
d7686a09c398a76b0d0638c8dae615ef  openssh-3.1p1-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, stop sshd:
# /etc/rc.d/rc.sshd stop

Next, upgrade to the new openssh.tgz package:
# upgradepkg openssh.tgz

Finally, restart sshd:
# /etc/rc.d/rc.sshd start


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung