
MDKSA-2003:090 - Updated openssh packages fix buffer management error



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           openssh
Advisory ID:            MDKSA-2003:090
Date:                   September 16th, 2003

Affected versions:      8.2, 9.0, 9.1, Corporate Server 2.1,
                        Multi Network Firewall 8.2
________________________________________________________________________

Problem Description:

 A buffer management error was discovered in all versions of openssh
 prior to version 3.7.  According to the OpenSSH team's advisory:
 "It is uncertain whether this error is potentially exploitable,
 however, we prefer to see bugs fixed proactively."  There have also
 been reports of an exploit in the wild.
 
 MandrakeSoft encourages all users to upgrade to these patched openssh
 packages immediately and, if at all possible, to disable sshd until
 the upgrade has been applied.
________________________________________________________________________

References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
  http://www.kb.cert.org/vuls/id/333628
  http://www.openssh.com/txt/buffer.adv
________________________________________________________________________

Updated Packages:
  
 Corporate Server 2.1:
 5800ea0b5c436851c04e153a2d8b7706  corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
 ca2a0c392a3b2400139b4bfbdd61121a  corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
 51b4d8bcc2e3c92850dd29a41da1ecbc  corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm
 dd421c26a2c1b5092cc1947394f87cfa  corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
 933a01509877c76a2c16b4c129bd7bbe  corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
 54299aeb96b49e1d8ef6a4dcc826eba1  corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

 Corporate Server 2.1/x86_64:
 5da7de9e35a314a9acc21ee0024c8a55  x86_64/corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.x86_64.rpm
 fb60f30f5241741ef2276d8616553a84  x86_64/corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.x86_64.rpm
 c41f38e43f87231c639f6a0fcbb2d065  x86_64/corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.x86_64.rpm
 c826364829aba4704f1b5435b4ab3319  x86_64/corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.x86_64.rpm
 7b4f9e6970d4bc7ef7ac55e7824247c6  x86_64/corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.x86_64.rpm
 54299aeb96b49e1d8ef6a4dcc826eba1  x86_64/corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

 Mandrake Linux 8.2:
 eb32286108c21f58ac51d782151539b0  8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
 0267fc6f4c0d893e435b7445fb9f6a23  8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.i586.rpm
 69a090f67dd853d4e60f6905eeeadf20  8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.i586.rpm
 96e50b6c68e657cc01911414e6836f73  8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
 f52c7678f32ca9cde888068620fb375d  8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
 f96f920c60fe9961f107605e60dc0697  8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm

 Mandrake Linux 8.2/PPC:
 14904d382bc45ae8346202bdc75ccee7  ppc/8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.ppc.rpm
 8012ca8e133f76d0a7034945603f4e90  ppc/8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.ppc.rpm
 aa3658d57bacf80a2bc6750a832f7ff8  ppc/8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.ppc.rpm
 683f8b21c9887f9160efa0cf7211caf0  ppc/8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.ppc.rpm
 a919fcf54371e12ece94b84883cdf058  ppc/8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.ppc.rpm
 f96f920c60fe9961f107605e60dc0697  ppc/8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm

 Mandrake Linux 9.0:
 5800ea0b5c436851c04e153a2d8b7706  9.0/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
 ca2a0c392a3b2400139b4bfbdd61121a  9.0/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
 51b4d8bcc2e3c92850dd29a41da1ecbc  9.0/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm
 dd421c26a2c1b5092cc1947394f87cfa  9.0/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
 933a01509877c76a2c16b4c129bd7bbe  9.0/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
 54299aeb96b49e1d8ef6a4dcc826eba1  9.0/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

 Mandrake Linux 9.1:
 b428536c41761ef1295a5c424fe7090f  9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.i586.rpm
 6b0f784e9a9eb0a5f81682cfed347533  9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.i586.rpm
 1de0d5a790a8b049d936a66f9cbef637  9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.i586.rpm
 8be79fe54ec8fa4e6e262747b9a266f6  9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.i586.rpm
 43c07ba3f3f4ba38f5d215dc1e62b19d  9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.i586.rpm
 6c50e55e209175d774c39512e31da4ff  9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 cea0afcd1c654e52eaeafde47e0b9cdd  ppc/9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.ppc.rpm
 937cafe7c1d2bc005bde44157a3ce32a  ppc/9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.ppc.rpm
 b96a79881c74002e80088e73b0b5420a  ppc/9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.ppc.rpm
 c11f8f2648eda9d127f7cbf4e20dd768  ppc/9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.ppc.rpm
 65761615af545350699e27771761acd0  ppc/9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.ppc.rpm
 6c50e55e209175d774c39512e31da4ff  ppc/9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm

 Multi Network Firewall 8.2:
 eb32286108c21f58ac51d782151539b0  mnf8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
 96e50b6c68e657cc01911414e6836f73  mnf8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
 f52c7678f32ca9cde888068620fb375d  mnf8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
 f96f920c60fe9961f107605e60dc0697  mnf8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/Z3GlmqjQ0CJFipgRApLpAKD23mpcVC6S4b4N7EhgXHGGGh0jGQCeIfDv
BFTVF9HpTYKL8xAl2ua7fm4=
=sBfV
-----END PGP SIGNATURE-----
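
For packages fetched by hand from a mirror rather than through MandrakeUpdate or urpmi, the checksum comparison the advisory mentions can be done against the "Updated Packages" list itself. The script below is an added example, not part of the advisory or of MandrakeSoft's tooling; the function names and the demo file are constructed, and it accepts the path either on the same line as the checksum or on the following line.

```shell
# Print "md5  path" for every package entry in an advisory file.
parse_advisory() {
    awk '
        # A 32-character hex token opens an entry; the path sits on the
        # same line or, when the mail archive wrapped it, on the next.
        length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            if (NF >= 2) { print $1 "  " $2; pending = "" }
            else pending = $1
            next
        }
        pending != "" && NF == 1 && $1 ~ /\.rpm$/ { print pending "  " $1 }
        { pending = "" }
    ' "$1"
}

# Compare each listed package found in DIR with its advisory checksum.
# Succeeds only if at least one file was checked and none mismatched.
verify_packages() {
    advisory=$1; dir=$2; bad=0; seen=0
    while read -r want path; do
        file="$dir/${path##*/}"
        [ -f "$file" ] || continue      # entry for another release or arch
        seen=$((seen + 1))
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       ${path##*/}"
        else
            echo "MISMATCH ${path##*/}"; bad=$((bad + 1))
        fi
    done <<EOF
$(parse_advisory "$advisory")
EOF
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: a stand-in file and a one-entry advisory excerpt.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed payload\n' > "$tmp/example-1.0-1mdk.i586.rpm"
    sum=$(md5sum "$tmp/example-1.0-1mdk.i586.rpm" | cut -d' ' -f1)
    printf ' Example:\n %s  \nexample/RPMS/example-1.0-1mdk.i586.rpm\n' \
        "$sum" > "$tmp/advisory.txt"
    verify_packages "$tmp/advisory.txt" "$tmp"; rc=$?
    rm -rf "$tmp"; return "$rc"
}
demo
```

An MD5 match only shows that the download corresponds to the file the advisory lists; authenticity rests on the GPG signature, which `rpm --checksig` checks against the security team's public key.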