Slackware Linux Advisory: OpenSSH [Archive]

Click to See Complete Forum and Search --> : Slackware Linux Advisory: OpenSSH

JohnT

09-16-2003, 07:32 PM

Slackware Linux Advisory: OpenSSH

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and - -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the newest OpenSSH package immediately.

Story and download links....HERE (http://linuxtoday.com/news_story.php3?ltsn=2003-09-16-030-26-SC-SL-SW)

OpenSSH advisories are also out for Redhat and Debian.

Hayl

09-16-2003, 07:43 PM

Gentoo as well.

pezplaya

09-16-2003, 07:45 PM

thanks, just updated.

serz

09-16-2003, 08:03 PM

Thanks for the info JohnT, I'll update it.

seabass55

09-16-2003, 08:57 PM

Anyone running ssh needs to make sure you update to 3.7.1. 3.7 as posted above didn't fix all the problems. I just compiled and installed.

JohnT

09-16-2003, 09:17 PM

From..... http://www.openssh.com/report.html

All architectures
* 004: SECURITY FIX: September 16, 2003
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable. A source code patch exists which remedies the problem.NOTE: this is the second revision of the patch that fixes an additional problem.

mairving

09-17-2003, 08:10 AM

If you are running Slackware, it is advisable to subscribe to the Slackware-Security mailing list (http://www.slackware.com/lists/). When there is a security advisory, they will email you. The email contains a link to the patch, some info about it and how to install it. Suprisingly the patch can be installed while SSH'd into a machine.