User: Password:
|
|
Subscribe / Log in / New account

Mandriva alert MDKSA-2006:204 (openssh)

From:  security@mandriva.com
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] [ MDKSA-2006:204 ] - Updated openssh packages fix vulnerability
Date:  Wed, 8 Nov 2006 18:17:01 -0700

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:204 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssh Date : November 8, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by an incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out sync. The OpenSSH team indicated that this bug is not known to be exploitable in the abence of additional vulnerabilities. Updated packages have been patched to correct this issue, and Mandriva Linux 2007 has received the latest version of OpenSSH. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5794 http://www.openssh.com/txt/release-4.5 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 97d55a01498ae859817c236d6be17bb5 2006.0/i586/openssh-4.3p1-0.4.20060mdk.i586.rpm a47c9f8361c91de4c97b827171f379be 2006.0/i586/openssh-askpass-4.3p1-0.4.20060mdk.i586.rpm 6a18e82f1251073d4f17bcb653a8da4a 2006.0/i586/openssh-askpass-gnome-4.3p1-0.4.20060mdk.i586.rpm 36995045f95028848691226a3624d701 2006.0/i586/openssh-clients-4.3p1-0.4.20060mdk.i586.rpm 598feb16c5b77c20b8d8e364a6d0a83e 2006.0/i586/openssh-server-4.3p1-0.4.20060mdk.i586.rpm 3c4642aa46959520d6374c5dd55c2488 2006.0/SRPMS/openssh-4.3p1-0.4.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: d5d932876aab273d0734de9a156f3514 2006.0/x86_64/openssh-4.3p1-0.4.20060mdk.x86_64.rpm 4d921a0e4c743b78824c100e49480a43 2006.0/x86_64/openssh-askpass-4.3p1-0.4.20060mdk.x86_64.rpm 79d975ab47eb58aa39350d0cb56a3507 2006.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.20060mdk.x86_64.rpm 52eb00190b757e7ca842fad40e34cdec 2006.0/x86_64/openssh-clients-4.3p1-0.4.20060mdk.x86_64.rpm 25bb2488c0c460ca2ee28814b5902d6f 2006.0/x86_64/openssh-server-4.3p1-0.4.20060mdk.x86_64.rpm 3c4642aa46959520d6374c5dd55c2488 2006.0/SRPMS/openssh-4.3p1-0.4.20060mdk.src.rpm Mandriva Linux 2007.0: 685ed779bc6e5b069456c1a1ec3cbde0 2007.0/i586/openssh-4.5p1-0.1mdv2007.0.i586.rpm 22384a44c965285f8077624d7d35c2aa 2007.0/i586/openssh-askpass-4.5p1-0.1mdv2007.0.i586.rpm eb05d1b12e62a590d6a627ea9a058a1a 2007.0/i586/openssh-askpass-common-4.5p1-0.1mdv2007.0.i586.rpm 31de85b9ec2be0990e03f0e52350a826 2007.0/i586/openssh-askpass-gnome-4.5p1-0.1mdv2007.0.i586.rpm 9a17d425bdd1e7d62ecc96dccbb25aaf 2007.0/i586/openssh-clients-4.5p1-0.1mdv2007.0.i586.rpm d93dc4b53d3e9a683dc5878ae5bf3139 2007.0/i586/openssh-server-4.5p1-0.1mdv2007.0.i586.rpm 48dfb1f18e3a82ba39fc5dcdbc98ac9b 2007.0/SRPMS/openssh-4.5p1-0.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 083b3ffdb875a5f053c41bc8913b9bea 2007.0/x86_64/openssh-4.5p1-0.1mdv2007.0.x86_64.rpm 3e096fa50c7440c76f748c9d6c76f551 2007.0/x86_64/openssh-askpass-4.5p1-0.1mdv2007.0.x86_64.rpm a0b32fd47e7b00b3240ae94a3e555915 2007.0/x86_64/openssh-askpass-common-4.5p1-0.1mdv2007.0.x86_64.rpm 8c200957e509389151a07b56b2a1b9d2 2007.0/x86_64/openssh-askpass-gnome-4.5p1-0.1mdv2007.0.x86_64.rpm cb15557e3e324dfd9a4c4739f2513989 2007.0/x86_64/openssh-clients-4.5p1-0.1mdv2007.0.x86_64.rpm 0a4aedec1aee0c6449eb4258e98417ab 2007.0/x86_64/openssh-server-4.5p1-0.1mdv2007.0.x86_64.rpm 48dfb1f18e3a82ba39fc5dcdbc98ac9b 2007.0/SRPMS/openssh-4.5p1-0.1mdv2007.0.src.rpm Corporate 3.0: 55fdb58d443f991360f2f650c55be459 corporate/3.0/i586/openssh-4.3p1-0.3.C30mdk.i586.rpm 49862cc132762967617b68eb04a7227b corporate/3.0/i586/openssh-askpass-4.3p1-0.3.C30mdk.i586.rpm ef5f7e7432c6545e2ed5b652db791347 corporate/3.0/i586/openssh-askpass-gnome-4.3p1-0.3.C30mdk.i586.rpm 74f630bf4cabda7c0e74d8dcddb2df96 corporate/3.0/i586/openssh-clients-4.3p1-0.3.C30mdk.i586.rpm 1a59b176b78cd8a042847f91c94e34e7 corporate/3.0/i586/openssh-server-4.3p1-0.3.C30mdk.i586.rpm 4e683f1e7cf9a3f00ac6792e661184bb corporate/3.0/SRPMS/openssh-4.3p1-0.3.C30mdk.src.rpm Corporate 3.0/X86_64: 53994a4dca0377a152eef5b7b1824db6 corporate/3.0/x86_64/openssh-4.3p1-0.3.C30mdk.x86_64.rpm 09832364e0f432cd254b3ed53876b9c7 corporate/3.0/x86_64/openssh-askpass-4.3p1-0.3.C30mdk.x86_64.rpm ba54af4f6d57353cf07ead346ef0a66e corporate/3.0/x86_64/openssh-askpass-gnome-4.3p1-0.3.C30mdk.x86_64.rpm 0a3351846f58a6f59def15b93ac75463 corporate/3.0/x86_64/openssh-clients-4.3p1-0.3.C30mdk.x86_64.rpm c5afc0df524e025b6a1f685dd5475d85 corporate/3.0/x86_64/openssh-server-4.3p1-0.3.C30mdk.x86_64.rpm 4e683f1e7cf9a3f00ac6792e661184bb corporate/3.0/SRPMS/openssh-4.3p1-0.3.C30mdk.src.rpm Corporate 4.0: 91b64f8c6354fe0dac3bbc45412a90cb corporate/4.0/i586/openssh-4.3p1-0.4.20060mlcs4.i586.rpm f894df39703e3526828d40b87905c900 corporate/4.0/i586/openssh-askpass-4.3p1-0.4.20060mlcs4.i586.rpm 981aa54d8a6ad3ed6f350f6871c61edc corporate/4.0/i586/openssh-askpass-gnome-4.3p1-0.4.20060mlcs4.i586.rpm 77c2c6eecd5d45d9e1f2f9ca39e8d54d corporate/4.0/i586/openssh-clients-4.3p1-0.4.20060mlcs4.i586.rpm feb3958987ee69997170c5464bd596ac corporate/4.0/i586/openssh-server-4.3p1-0.4.20060mlcs4.i586.rpm 5f958b84f60ef962b84a4f46b6d80424 corporate/4.0/SRPMS/openssh-4.3p1-0.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 16c2fea9fa550b9827e619b43b731bdd corporate/4.0/x86_64/openssh-4.3p1-0.4.20060mlcs4.x86_64.rpm 3b1de1edad9666fe782736f32c450104 corporate/4.0/x86_64/openssh-askpass-4.3p1-0.4.20060mlcs4.x86_64.rpm 351b0c9655f7d516a608376620d93aa8 corporate/4.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.20060mlcs4.x86_64.rpm 487f7c3948e58b0e5e03a1b419b6a339 corporate/4.0/x86_64/openssh-clients-4.3p1-0.4.20060mlcs4.x86_64.rpm a03b7d99254a22c05c3e6043c5e82e94 corporate/4.0/x86_64/openssh-server-4.3p1-0.4.20060mlcs4.x86_64.rpm 5f958b84f60ef962b84a4f46b6d80424 corporate/4.0/SRPMS/openssh-4.3p1-0.4.20060mlcs4.src.rpm Multi Network Firewall 2.0: 2c2cd66daadd721d7065112d66b1ed98 mnf/2.0/i586/openssh-4.3p1-0.3.M20mdk.i586.rpm ab6d7afa2944fdf1e38ca76e2ee7484c mnf/2.0/i586/openssh-askpass-4.3p1-0.3.M20mdk.i586.rpm 246f480977cacf68ee80ef51d5ecc577 mnf/2.0/i586/openssh-askpass-gnome-4.3p1-0.3.M20mdk.i586.rpm 3e98575c58f023e11733fddd0c8ec459 mnf/2.0/i586/openssh-clients-4.3p1-0.3.M20mdk.i586.rpm 9ba7ab6f44be202d16377cd04f1eb69e mnf/2.0/i586/openssh-server-4.3p1-0.3.M20mdk.i586.rpm f2c5acde98d371f1efb858a9c3d07da8 mnf/2.0/SRPMS/openssh-4.3p1-0.3.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFUlOJmqjQ0CJFipgRArC5AJ0e2uIQUZjyf4Mqo7gAmIE1o1Fh0ACfVwSo 72A6UAQ1pI3kHD7stEduBso= =woyj -----END PGP SIGNATURE----- To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds