Debian: DSA-027-1 Critical: OpenSSH Remote Memory Overwrite Exploit
debian
February 8, 2001
This package fixes two security problems with OpenSSH.
Topics Covered
Summary
This upload fixes:
1. Prior versions of OpenSSH are vulnerable to a remote arbitrary
memory overwrite attack which may eventually lead into a root
exploit. No exploit program is known yet but expected to come up
soon.
2. CORE-SDI has described a problem with regards to RSA key exchange
and a Bleichenbacher attack to gather the session key from an ssh
session.
We recommend you upgrade your openssh package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
------------------------------------
Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
architectures.
Source archives:
MD5 checksum: b823b3a94de32533cb35c23a9b956c5c
MD5 checksum: bae514efd776c6007944677e767c60a0
MD5 checksum: 6aad0cc9ceca55f138ed1ba4cf660349
Intel ia32 ar...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: openssh
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!