From: Engin O. (engin@engin.web.tr)
Date: Wed 17 Sep 2003 - 02:24:00 EDT
Merhaba ;
Bu fix sadece slackware icin degil tüm vers.için update edilmeli..
saygilar
----- Original Message -----
From: "Alper Oguz" <alperliste@showtv.com.tr>
To: <linux-guvenlik@linux.org.tr>
Sent: Wednesday, September 17, 2003 9:23 AM
Subject: [linux-guvenlik] Fwd: [slackware-security] OpenSSH Security
Advisory (SSA:2003-259-01)
> ========== Forward ==========
> From: Slackware Security Team <security@slackware.com>
> To: slackware-security@slackware.com
> Date: 16.09.2003, 22:39
> Subject: [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
> ===8<==============Original message text===============
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
>
> Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and
> - -current. These fix a buffer management error found in versions of
> OpenSSH earlier than 3.7. The possibility exists that this error
> could allow a remote exploit, so we recommend all sites running
> OpenSSH upgrade to the new OpenSSH package immediately.
>
>
> Here are the details from the Slackware 9.0 ChangeLog:
> +--------------------------+
> Tue Sep 16 11:13:05 PDT 2003
> patches/packages/openssh-3.7p1-i386-1.tgz: Upgraded to openssh-3.7p1.
> From the OpenSSH Security Advisory
> (http://www.openssh.com/txt/buffer.adv):
> "All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> management error. It is uncertain whether this error is
> potentially exploitable, however, we prefer to see bugs
> fixed proactively."
> (* Security fix *)
> +--------------------------+
>
>
> WHERE TO FIND THE NEW PACKAGES:
> +-----------------------------+
>
> Updated package for Slackware 8.1:
>
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh
-3.7p1-i386-1.tgz
>
> Updated package for Slackware 9.0:
>
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh
-3.7p1-i386-1.tgz
>
> Updated package for Slackware -current:
>
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-
3.7p1-i486-1.tgz
>
>
> MD5 SIGNATURES:
> +-------------+
>
> Slackware 8.1 package:
> a86d410e47fe8ab4a8e9f04293a94093 openssh-3.7p1-i386-1.tgz
>
> Slackware 9.0 package:
> ca1d0b1e658c5391067f2a9cf11fc239 openssh-3.7p1-i386-1.tgz
>
> Slackware -current package:
> c58003eaaf4362c8475f0f5a77f2adbb openssh-3.7p1-i486-1.tgz
>
>
> INSTALLATION INSTRUCTIONS:
> +------------------------+
>
> (This procedure is safe to do while logged in through OpenSSH)
>
> Upgrade using upgradepkg (as root):
> # upgradepkg openssh-3.7p1-i386-1.tgz
>
> Restart OpenSSH:
> . /etc/rc.d/rc.sshd restart
>
>
> +-----+
>
> Slackware Linux Security Team
> http://slackware.com/gpg-key
> security@slackware.com
>
> +------------------------------------------------------------------------+
> | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
> +------------------------------------------------------------------------+
> | Send an email to majordomo@slackware.com with this text in the body of |
> | the email message: |
> | |
> | unsubscribe slackware-security |
> | |
> | You will get a confirmation message back. Follow the instructions to |
> | complete the unsubscription. Do not reply to this message to |
> | unsubscribe! |
> +------------------------------------------------------------------------+
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQE/Z1e9akRjwEAQIjMRAmufAJ9LzlDM92HI9GHUD6VBb7XszGvnQwCfd9cf
> REvURD6OFDRCs4EhBQUsnuk=
> =7iqn
> -----END PGP SIGNATURE-----
>
> ===8<===========End of original message text===========
>
>
>