Date: Thu, 7 Mar 2002 16:51:31 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] OpenSSH security problem fixed


New openssh packages are available to fix security problems.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Thu Mar  7 12:00:18 PST 2002
patches/packages/openssh.tgz:  Upgraded to openssh-3.1p1.

  This fixes a security problem in the openssh package.  All sites running
  OpenSSH should upgrade immediately.

  All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error
  in the channel code.  OpenSSH 3.1 and later are not affected.  This bug can
  be exploited locally by an authenticated user logging into a vulnerable
  OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH
  client.  This bug was discovered by Joost Pol <joost@pine.nl>

(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated openssh package for Slackware 8.0: 
 

Updated openssh package for Slackware -current: 
 


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 8.0:
1db0be2661cc1640aaa5797f9eb366db  openssh.tgz

Slackware -current:
d7686a09c398a76b0d0638c8dae615ef  openssh-3.1p1-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, stop sshd:
# /etc/rc.d/rc.sshd stop

Next, upgrade to the new openssh.tgz package:
# upgradepkg openssh.tgz

Finally, restart sshd:
# /etc/rc.d/rc.sshd start


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   The Slackware Linux Project

Slackware: 'openssh' Unauthorized access vulnerability

March 8, 2002
Joost Pol discoverd an off-by-one bug in OpenSSH's channel ...

Summary

Where Find New Packages

MD5 Signatures

Severity
Date: Thu, 7 Mar 2002 16:51:31 -0800 (PST) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Subject: [slackware-security] OpenSSH security problem fixed
New openssh packages are available to fix security problems.
Here's the information from the Slackware 8.0 ChangeLog:
---------------------------- Thu Mar 7 12:00:18 PST 2002 patches/packages/openssh.tgz: Upgraded to openssh-3.1p1.
This fixes a security problem in the openssh package. All sites running OpenSSH should upgrade immediately.
All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error in the channel code. OpenSSH 3.1 and later are not affected. This bug can be exploited locally by an authenticated user logging into a vulnerable OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH client. This bug was discovered by Joost Pol <joost@pine.nl>
(* Security fix *) ----------------------------
WHERE TO FIND THE NEW PACKAGE: ------------------------------ Updated openssh package for Slackware 8.0:
Updated openssh package for Slackware -current:
MD5 SIGNATURE: --------------
Here is the md5sum for the package:
Slackware 8.0: 1db0be2661cc1640aaa5797f9eb366db openssh.tgz
Slackware -current: d7686a09c398a76b0d0638c8dae615ef openssh-3.1p1-i386-1.tgz
INSTALLATION INSTRUCTIONS: --------------------------
First, stop sshd: # /etc/rc.d/rc.sshd stop
Next, upgrade to the new openssh.tgz package: # upgradepkg openssh.tgz
Finally, restart sshd: # /etc/rc.d/rc.sshd start
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team The Slackware Linux Project

Installation Instructions

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved