From:	 Eridani Star System <linux@eridani.co.uk>
To:	 lwn@lwn.net
Subject: ERISA-2002:026 - openssh
Date:	 Thu, 27 Jun 2002 21:57:34 +0100 (BST)

The original mailing seems to have got lost somewhere. Probably due to my 
ISP's recent routing issues.

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  Now including Cygwin amongst the CDs available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...

---------- Forwarded message ----------
Date: Wed, 26 Jun 2002 18:02:02 +0100 (BST)
From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: ERISA-2002:026 - openssh

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	openssh
Summary:	Input validation error can allow privilege escalation
Date:		2002-06-26
ID:		ERISA-2002:026

=========================================================================

Problem description:

  All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input
  validation error that can result in an integer overflow and privilege
  escalation.

  Although OpenSSH 2.9 and earlier are not affected, upgrading to OpenSSH
  3.4 is recommended, because OpenSSH 3.4 adds checks for a class of
  potential bugs.

  These packages come with compression disabled in the config file, due to
  privilege separation and compression not working together on 2.2.x kernels.

-------------------------------------------------------------------------
Updated packages:

  77743c94d0c4e3ce7aecde5fd1d4ad30  openssh-3.4p1-1.src.rpm

  e1d5c1885d32bc9e86130f507563ec1e  openssh-3.4p1-1.i386.rpm
  2f4304b804571b0aac6fc44083778721  openssh-askpass-3.4p1-1.i386.rpm
  a0e220a342bb51239e412a3c4fd64f3d  openssh-askpass-gnome-3.4p1-1.i386.rpm
  c440f4662b662a9aba6fc534226fd531  openssh-clients-3.4p1-1.i386.rpm
  f053be2c647d7530a70dc49d26bafafb  openssh-server-3.4p1-1.i386.rpm

-------------------------------------------------------------------------
References:

  http://lwn.net/Articles/3531/

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...