![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:017
Date: Thu, 23 May 2002 20:29:23 +0100 (BST)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: openssh
Summary: Multiple vulnerabilities
Date: 2002-05-23
ID: ERISA-2002:017
=========================================================================
Problem description:
From OpenSSH's release:
- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
see UsePrivilegeSeparation in sshd(8) and
http://www.citi.umich.edu/u/provos/ssh/privsep.html
for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or
larger
-------------------------------------------------------------------------
Updated packages:
3e4cc6db83ad65288f56e59cadbf0e9b openssh-3.2.3p1-1.src.rpm
3ba53aa3d96c62ead211a5c4d30fb6c8 openssh-3.2.3p1-1.i386.rpm
039f6986fa7bb84c7bbf6bfc2e0348c2 openssh-askpass-3.2.3p1-1.i386.rpm
adc4ddbf7e5bbdf1e6924ff12ec1d6ac openssh-askpass-gnome-3.2.3p1-1.i386.rpm
d7b4c605d90992ffbfa7545f300abb1a openssh-clients-3.2.3p1-1.i386.rpm
a80a7e7549286fc47ae7378aafa1a012 openssh-server-3.2.3p1-1.i386.rpm
-------------------------------------------------------------------------
References:
http://lwn.net/2002/0523/a/openssh322.php3
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.