Gentoo: 200309-11 Critical: OpenSSH Buffer Management Error
gentoo
September 16, 2003
ll versions of OpenSSH's sshd prior to 3.7 contain a buffer managementerror
Summary
- - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200309-11 - - ---------------------------------------------------------------------
- - ---------------------------------------------------------------------
quote from advisory:
"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively."
read the full advisory at: openssh
SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/openssh upgrade to openssh-3.7_p1 as follows:
emerge sync emerge openssh emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at vapier@gentoo.org - - ---------------------------------------------------------------------
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : openssh
SUMMARY : buffer management error
DATE : 2003-09-16 22:53 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =openssh-3.7_p1
CVE : CAN-2003-0693
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!