Gentoo Archives: gentoo-announce

From: Seemant Kulleen <seemant@g.o>
To: gentoo-security@g.o, gentoo-announce@g.o
Subject: [gentoo-announce] GLSA 200309-12: OpenSSH
Date: Wed, 17 Sep 2003 02:21:12
Message-Id: 1063763527.1852.8.camel@localhost
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-12
- - ---------------------------------------------------------------------

PACKAGE           : openssh
SUMMARY           : buffer management error
DATE              : 2003-09-16 22:53 UTC
EXPLOIT           : remote
VERSIONS AFFECTED : <=openssh-3.7_p1
FIXED VERSION     : >=openssh-3.7.1_p1
CVE               : CAN-2003-0693

- - ---------------------------------------------------------------------

quote from advisory:

"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management
error. It is uncertain whether this error is potentially
exploitable, however, we prefer to see bugs fixed proactively."

read the full advisory at:
http://www.openssh.com/txt/buffer.adv

This is a follow-up advisory to indicate that further fixes have been
made. From the ChangeLog:

- (djm) OpenBSD Sync
  - markus@×××××××××××.org 2003/09/16 21:02:40
    [buffer.c channels.c version.h]
    more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU

(reported on http://bugs.gentoo.org/show_bug.cgi?id=28927 by
Christian Rubbert <ceed@×××.de>)

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.7.1_p1 as follows:

    emerge sync
    emerge openssh
    emerge clean

- - ---------------------------------------------------------------
seemant@g.o - GnuPG key in signature below and on keyservers
vapier@g.o

--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://dev.gentoo.org/~seemant

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3458780E
Key fingerprint = 23A9 7CB5 9BBB 4F8D 549B 6593 EDA2 65D8 3458 780E

Attachments

File name MIME type
signature.asc application/pgp-signature
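
To confirm after the upgrade that a host is out of the affected range, the following added example (not part of the original announcement and not Gentoo or OpenSSH code) classifies a version string against the ranges stated above. The function names are hypothetical; it assumes input in either Gentoo form ("3.7.1_p1") or the upstream banner form that `ssh -V` prints ("OpenSSH_3.7.1p1, ..."), and it ignores any Gentoo -rN revision.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version against the GLSA 200309-12 ranges.

# Normalise "3.7_p1", "3.7.1_p1-r1" or an upstream "OpenSSH_3.7.1p1, ..." banner
# to "MAJOR MINOR PATCH PLEVEL". The Gentoo -rN revision is ignored (assumption).
normalise_version() {
    v=${1#OpenSSH_}                 # drop upstream banner prefix
    v=${v%%[, ]*}                   # keep only the version token
    v=${v%-r[0-9]*}                 # drop Gentoo revision suffix
    case $v in
        *_p*) base=${v%%_p*}; plevel=${v##*_p} ;;   # Gentoo form
        *p*)  base=${v%%p*};  plevel=${v##*p}  ;;   # upstream form
        *)    base=$v;        plevel=0         ;;
    esac
    case $base   in ''|*[!0-9.]*) return 1 ;; esac  # not a version string
    case $plevel in ''|*[!0-9]*)  return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} $plevel"
}

# Print -1, 0 or 1 as version $1 sorts before, equal to or after version $2.
compare_versions() {
    a=$(normalise_version "$1") || return 1
    b=$(normalise_version "$2") || return 1
    set -- $a $b                    # $1..$4 = first version, $5..$8 = second
    for pair in "$1 $5" "$2 $6" "$3 $7" "$4 $8"; do
        set -- $pair
        if [ "$1" -lt "$2" ]; then echo -1; return 0; fi
        if [ "$1" -gt "$2" ]; then echo 1; return 0; fi
    done
    echo 0
}

# Print "affected" (<=3.7_p1), "fixed" (>=3.7.1_p1), "unlisted" (between the
# two stated ranges) or "unknown" (input did not parse).
glsa_200309_12_status() {
    lo=$(compare_versions "$1" "3.7_p1")   || { echo unknown; return 0; }
    hi=$(compare_versions "$1" "3.7.1_p1") || { echo unknown; return 0; }
    if   [ "$lo" -le 0 ]; then echo affected
    elif [ "$hi" -ge 0 ]; then echo fixed
    else echo unlisted; fi
}

# Constructed sample inputs, not taken from the advisory.
for sample in "3.7_p1" "OpenSSH_3.6.1p2, SSH protocols 1.5/2.0" "3.7.1_p1" "3.7.1"; do
    printf '%s -> %s\n' "$sample" "$(glsa_200309_12_status "$sample")"
done
```

A running sshd keeps the old binary in memory until it is restarted, so check the daemon that is actually listening and not only the installed package.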