Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

GLSA: openssh (200309-11)

From: aliz () gentoo org (Daniel Ahlberg)
Date: Wed, 17 Sep 2003 00:53:35 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-11
- - - ---------------------------------------------------------------------

          PACKAGE : openssh
          SUMMARY : buffer management error
             DATE : 2003-09-16 22:53 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <openssh-3.7_p1
    FIXED VERSION : >=openssh-3.7_p1
              CVE : CAN-2003-0693

- - - ---------------------------------------------------------------------

quote from advisory:

"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management 
error.  It is uncertain whether this error is potentially exploitable, 
however, we prefer to see bugs fixed proactively."

read the full advisory at:
http://www.openssh.com/txt/buffer.adv

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.7_p1 as follows:

emerge sync
emerge openssh
emerge clean

- - - ---------------------------------------------------------------------
aliz () gentoo org - GnuPG key is available at http://dev.gentoo.org/~aliz
vapier () gentoo org
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/Z5RvfT7nyhUpoZMRAk0wAKC5BtAP0E0R/WWd+rSXJ7kXjRGB7QCfZVqH
c4Ig9D3vZx9+BI/olXA42bg=
=HGZB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: