From: Eridani Star System <linux@eridani.co.uk>
To: lwn@lwn.net
Subject: ERISA-2002:026 - openssh
Date: Thu, 27 Jun 2002 21:57:34 +0100 (BST)
The original mailing seems to have got lost somewhere. Probably due to my
ISP's recent routing issues.
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- Now including Cygwin amongst the CDs available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
---------- Forwarded message ----------
Date: Wed, 26 Jun 2002 18:02:02 +0100 (BST)
From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: ERISA-2002:026 - openssh
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: openssh
Summary: Input validation error can allow privilege escalation
Date: 2002-06-26
ID: ERISA-2002:026
=========================================================================
Problem description:
All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input
validation error that can result in an integer overflow and privilege
escalation.
Although OpenSSH 2.9 and earlier are not affected, upgrading to OpenSSH
3.4 is recommended because OpenSSH 3.4 adds checks for a class of
potential bugs.
These packages come with compression disabled in the config file, due to
privilege separation and compression not working together on 2.2.x kernels.
-------------------------------------------------------------------------
Updated packages:
77743c94d0c4e3ce7aecde5fd1d4ad30 openssh-3.4p1-1.src.rpm
e1d5c1885d32bc9e86130f507563ec1e openssh-3.4p1-1.i386.rpm
2f4304b804571b0aac6fc44083778721 openssh-askpass-3.4p1-1.i386.rpm
a0e220a342bb51239e412a3c4fd64f3d openssh-askpass-gnome-3.4p1-1.i386.rpm
c440f4662b662a9aba6fc534226fd531 openssh-clients-3.4p1-1.i386.rpm
f053be2c647d7530a70dc49d26bafafb openssh-server-3.4p1-1.i386.rpm
-------------------------------------------------------------------------
References:
http://lwn.net/Articles/3531/
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
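
The affected range and the compression note in the advisory above, as an added example that is not part of the original advisory or of Eridani's packages: a Python check that classifies an OpenSSH version banner against the 2.9.9 to 3.3 range and reports whether an sshd_config text disables compression. Treating both ends of the range as inclusive, the category labels and the sample banners are assumptions of this example.

```python
import re

# Affected sshd range as stated in the advisory: 2.9.9 through 3.3.
# Assumption of this example: both endpoints are inclusive.
AFFECTED_LOW = (2, 9, 9)
AFFECTED_HIGH = (3, 3, 0)

def parse_openssh_version(text):
    """Extract (major, minor, patch) from a banner such as
    'SSH-2.0-OpenSSH_3.3p1' or 'OpenSSH_3.4p1, SSH protocols 1.5/2.0'.
    The portable 'pN' suffix is ignored. Returns None if not OpenSSH."""
    m = re.search(r"OpenSSH[_-](\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Map a banner to a label (labels are this example's own)."""
    v = parse_openssh_version(text)
    if v is None:
        return "unknown"
    if AFFECTED_LOW <= v <= AFFECTED_HIGH:
        return "affected"
    if v < AFFECTED_LOW:
        return "older-upgrade-recommended"   # 2.9 and earlier
    return "not-in-affected-range"           # 3.4 and later

def compression_disabled(sshd_config_text):
    """True if the first 'Compression' directive is 'no'.
    sshd uses the first value it obtains for a keyword."""
    for line in sshd_config_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "compression":
            return parts[1].strip().lower() == "no"
    return False  # directive absent: the daemon's built-in default applies

if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    for banner in ("SSH-2.0-OpenSSH_3.3p1", "SSH-1.99-OpenSSH_2.9p2",
                   "OpenSSH_3.4p1, SSH protocols 1.5/2.0"):
        print(banner, "->", classify(banner))
    print(compression_disabled("Protocol 2\nCompression no\n"))
```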