Pardus alert 2011-89 (openssh)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security] [PLSA 2011-89] Openssh:
	portable-keysign-rand-helper 
Date:
    	     
 
Thu, 7 Jul 2011 09:32:22 +0300
Message-ID:
    	     
 
<201107070932.22304.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-89            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-07-06
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in openssh. 


Description
===========

Portable OpenSSH's ssh-keysign utility  may  allow  unauthorised  local 
access to host keys on platforms if ssh-rand-helper is used. 



Affected packages:

  Pardus 2009:
    openssh, all before 5.6_p1-32-8


Resolution
==========

There are update(s) for openssh. You can update them via Package Manager
or with a single command from console: 

    pisi up openssh

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18015
  * http://www.openssh.com/txt/portable-keysign-rand-helper.adv

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security