Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| ||||||||||||||||
Gentoo alert 200309-12 (openssh)
- - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200309-12 - - - --------------------------------------------------------------------- PACKAGE : openssh SUMMARY : buffer management error DATE : 2003-09-16 22:53 UTC EXPLOIT : remote VERSIONS AFFECTED : <=openssh-3.7_p1 FIXED VERSION : >=openssh-3.7.1_p1 CVE : CAN-2003-0693 - - - --------------------------------------------------------------------- quote from advisory: "All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable,however, we prefer to see bugs fixed proactively." read the full advisory at: http://www.openssh.com/txt/buffer.adv This is a follow up advisory to indicate the further fixes have been made. From the ChangeLog: - (djm) OpenBSD Sync - markus@cvs.openbsd.org 2003/09/16 21:02:40 [buffer.c channels.c version.h] more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU (reported on http://bugs.gentoo.org/show_bug.cgi?id=28927 by Christian Rubbert <ceed@xrc.de>) SOLUTION It is recommended that all Gentoo Linux users who are running net-misc/openssh upgrade to openssh-3.7.1_p1 as follows: emerge sync emerge openssh emerge clean - - --------------------------------------------------------------- seemant@gentoo.org - GnuPG key in signature below and on keyservers vapier@gentoo.org -- Seemant Kulleen Developer and Project Co-ordinator, Gentoo Linux http://dev.gentoo.org/~seemant Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3458780E Key fingerprint = 23A9 7CB5 9BBB 4F8D 549B 6593 EDA2 65D8 3458 780E (Log in to post comments)
|
||||||||||||||||