Slackware: openssh buffer management errors - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: February 9th, 2010

Linux Advisory Watch: February 5th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Slackware: openssh buffer management errors

User Rating:

How can I rate this item?

Posted by LinuxSecurity.com Team

These packages fix additional buffer managementerrors that were not corrected in the recent 3.7p1 release.


[slackware-security]  OpenSSH updated again (SSA:2003-260-01)

Upgraded OpenSSH 3.7.1p1 packages are available for Slackware
8.1, 9.0 and -current.  These fix additional buffer management
errors that were not corrected in the recent 3.7p1 release.
The possibility exists that these errors could allow a remote
exploit, so we recommend all sites running OpenSSH upgrade to
the new OpenSSH package immediately.


Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Wed Sep 17 01:25:22 PDT 2003
patches/packages/openssh-3.7.1p1-i386-1.tgz:  Upgraded to openssh-3.7.1p1.
  The OpenSSH advisory was updated  (http://www.openssh.com/txt/buffer.adv)
  and now says that you need at least version 3.7.1, which fixes some
  more buffer problems like those fixed by 3.7.
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7.1p1-i386-1.tgz

Updated package for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7.1p1-i386-1.tgz

Updated package for Slackware -current: 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7.1p1-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
c3b50ac3f2cd52c7ad10a0fbb141efe9  openssh-3.7.1p1-i386-1.tgz

Slackware 9.0 package:
0362f59c065c79c3eb733519394d0a60  openssh-3.7.1p1-i386-1.tgz

Slackware -current package:
e6e9cb0a9811f982d615e7a96c6c76e9  openssh-3.7.1p1-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

(This procedure is safe to do while logged in through OpenSSH)

Upgrade using upgradepkg (as root):
# upgradepkg openssh-3.7.1p1-i386-1.tgz

Restart OpenSSH:
. /etc/rc.d/rc.sshd restart


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com

< Prev

Partner:

Latest Features

Hacks From Pax: Network Server Monitoring With Nmap

Review: Mod-Security 2.5 by Magnus Mischel

Review: Googling Security: How Much Does Google Know About You

A Secure Nagios Server

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Yesterday's Edition

Mozilla Removes Two Malicious Firefox Add-Ons

When is a 0day not a 0day? Fake OpenSSh exploit, again

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital