drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafter Vergleich in openssh
Name: |
Fehlerhafter Vergleich in openssh
|
|
ID: |
|
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 8.0 |
|
Datum: |
Sa, 9. März 2002, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Portable OpenSSH |
|
Originalnachricht |
New openssh packages are available to fix security problems.
Here's the information from the Slackware 8.0 ChangeLog:
---------------------------- Thu Mar 7 12:00:18 PST 2002 patches/packages/openssh.tgz: Upgraded to openssh-3.1p1.
This fixes a security problem in the openssh package. All sites running OpenSSH should upgrade immediately.
All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error in the channel code. OpenSSH 3.1 and later are not affected. This bug can be exploited locally by an authenticated user logging into a vulnerable OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH client. This bug was discovered by Joost Pol <joost@pine.nl>
(* Security fix *) ----------------------------
WHERE TO FIND THE NEW PACKAGE: ------------------------------ Updated openssh package for Slackware 8.0: openssh.tgz
Updated openssh package for Slackware -current: openssh-3.1p1-i386-1.tgz
MD5 SIGNATURE: --------------
Here is the md5sum for the package:
Slackware 8.0: 1db0be2661cc1640aaa5797f9eb366db openssh.tgz
Slackware -current: d7686a09c398a76b0d0638c8dae615ef openssh-3.1p1-i386-1.tgz
INSTALLATION INSTRUCTIONS: --------------------------
First, stop sshd: # /etc/rc.d/rc.sshd stop
Next, upgrade to the new openssh.tgz package: # upgradepkg openssh.tgz
Finally, restart sshd: # /etc/rc.d/rc.sshd start
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team http://www.slackware.com
+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+
|
|
|
|