From: Enver ALTIN (enveraltin@yahoo.com)
Date: Fri 08 Mar 2002 - 10:27:21 EET
-----Forwarded Message-----
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] OpenSSH security problem fixed
Date: 07 Mar 2002 16:51:31 -0800
New openssh packages are available to fix security problems.
Here's the information from the Slackware 8.0 ChangeLog:
----------------------------
Thu Mar 7 12:00:18 PST 2002
patches/packages/openssh.tgz: Upgraded to openssh-3.1p1.
This fixes a security problem in the openssh package. All sites running
OpenSSH should upgrade immediately.
All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error
in the channel code. OpenSSH 3.1 and later are not affected. This bug can
be exploited locally by an authenticated user logging into a vulnerable
OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH
client. This bug was discovered by Joost Pol <joost@pine.nl>
(* Security fix *)
----------------------------
WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated openssh package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/openssh.tgz
Updated openssh package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/openssh-3.1p1/packages/openssh-3.1p1-i386-1.tgz
MD5 SIGNATURE:
--------------
Here is the md5sum for the package:
Slackware 8.0:
1db0be2661cc1640aaa5797f9eb366db openssh.tgz
Slackware -current:
d7686a09c398a76b0d0638c8dae615ef openssh-3.1p1-i386-1.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
First, stop sshd:
# /etc/rc.d/rc.sshd stop
Next, upgrade to the new openssh.tgz package:
# upgradepkg openssh.tgz
Finally, restart sshd:
# /etc/rc.d/rc.sshd start
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-- Enver (a.k.a. skyblue)_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
----------------------------------------------------------------------- Liste üyeliğiniz ile ilgili her türlü işlem için http://liste.linux.org.tr adresindeki web arayüzünü kullanabilirsiniz.
Listeden çıkmak için: 'linux-guvenlik-request@linux.org.tr' adresine, "Konu" kısmında "unsubscribe" yazan bir e-posta gönderiniz. -----------------------------------------------------------------------