[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [linux-security] ALERT: possibility of remote root exploit in openssh (Mandrake)
On Tue, Sep 16, 2003 at 12:07:26PM -0700, Martin Siegert wrote:
> Topic
> =====
> possibility of remote root exploit in openssh
>
> Problem Description
> ===================
> A bug has been found in the OpenSSH buffer handling code. This bug has
> the potential of being remotely exploitable. Upgrading to a fixed
> version immediately is strongly advised.
>
> Affected Versions
> =================
> All versions of OpenSSH's sshd prior to 3.7
>
> Solution
> ========
> Upgrade to openssh-3.7p1 or apply the patch that is appended at the
> end of the advisory (setion Patch). Or upgrade to a patched version
> for your distribution.
Mandrake 8.2
------------
rpm -Fvh openssh-3.6.1p2-1.1.82mdk.i586.rpm \
openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm \
openssh-server-3.6.1p2-1.1.82mdk.i586.rpm \
openssh-askpass-3.6.1p2-1.1.82mdk.i586.rpm \
openssh-askpass-gnome-3.6.1p2-1.1.82mdk.i586.rpm
Mandrake 9.0
------------
rpm -Fvh openssh-3.6.1p2-1.1.90mdk.i586.rpm \
openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm \
openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm \
openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm \
openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
Mandrake 9.1
------------
rpm -Fvh openssh-3.6.1p2-1.1.91mdk.i586.rpm \
openssh-clients-3.6.1p2-1.1.91mdk.i586.rpm \
openssh-server-3.6.1p2-1.1.91mdk.i586.rpm \
openssh-askpass-3.6.1p2-1.1.91mdk.i586.rpm \
openssh-askpass-gnome-3.6.1p2-1.1.91mdk.i586.rpm