[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [linux-security] ALERT: possibility of remote root exploit in openssh (Debian)
On Tue, Sep 16, 2003 at 12:07:26PM -0700, Martin Siegert wrote:
> Topic
> =====
> possibility of remote root exploit in openssh
>
> Problem Description
> ===================
> A bug has been found in the OpenSSH buffer handling code. This bug has
> the potential of being remotely exploitable. Upgrading to a fixed
> version immediately is strongly advised.
>
> Affected Versions
> =================
> All versions of OpenSSH's sshd prior to 3.7
>
> Solution
> ========
> Upgrade to openssh-3.7p1 or apply the patch that is appended at the
> end of the advisory (setion Patch). Or upgrade to a patched version
> for your distribution.
Debian 3.0 (woody)
------------------
upgrade to ssh_3.4p1-1.1_i386.deb, ssh-askpass-gnome_3.4p1-1.1_i386.deb