[CLA-2003:741] Conectiva Security Announcement - openssh

To: conectiva-updates@xxxxxxxxxxxxxxxxxxxxxxxxxxx, lwn@xxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, security-alerts@xxxxxxxxxxxxxxxxx, linsec@xxxxxxxxxxxxxxxxxx
Subject: [CLA-2003:741] Conectiva Security Announcement - openssh
From: Conectiva Updates <secure@xxxxxxxxxxxxxxxx>
Date: Wed, 17 Sep 2003 18:49:35 -0300
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : openssh
SUMMARY   : Remote vulnerabilities
DATE      : 2003-09-17 18:48:00
ID        : CLA-2003:741
RELEVANT
RELEASES  : 7.0, 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 OpenSSH[1] is a very popular and versatile tool that uses encrypted
 connections between hosts and is commonly used for remote
 administration.
 
 This update fixes new vulnerabilities found in the code that handles
 buffers in OpenSSH. These vulnerabilities are similiar to the ones
 fixed in the CLSA-2003:739 announcement[2] (CAN-2003-0693) and can be
 exploited by a remote attacker to cause a denial of service condition
 and potentially execute arbitrary code (although there is still no
 concrete evidence of that).
 
 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2003-0695 to this additional issue[3].
 
 The OpenSSH team released the version 3.7.1 which fixes this
 vulnerability[4]. This update contains the versions originally
 distributed with Conectiva Linux added of backported patches.
 
 Additionally, patches made by Solar Designer to fix memory bugs in
 other parts of the code are being added. Althought it is unlikely
 that these bugs are exploitable, they are being treatead as security
 fixes by now and have the name CAN-2003-0682 assigned[5] by The
 Common Vulnerabilities and Exposures project (cve.mitre.org).


SOLUTION
 It is recommended that all OpenSSH users upgrade their packages.
 
 The ssh service will be automatically restarted during the upgrade if
 it is already running. Current ssh sessions will remain open during
 the restart.
 
 
 REFERENCES:
 1.http://www.openssh.org
 
2.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000739&idioma=en
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695
 4.http://www.openssh.com/txt/buffer.adv
 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.4p1-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-gnome-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-clients-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-server-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssh-3.4p1-1U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-gnome-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-clients-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-server-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssh-3.5p1-27767U90_2cl.src.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/aNbu42jd0JmAcZARAnByAJ4la1+ZTsDPuuQoFcu4ygjk406b5wCg11KG
KWI0pS7VlyuaHtgastTIZrA=
=QKv8
-----END PGP SIGNATURE-----

Prev by Date: OPENSSH-SORCERER2003-09-17
Next by Date: [RHSA-2003:279-02] Updated OpenSSH packages fix potential vulnerabilities
Previous by thread: Re: openssh 3.7.1 patched or not?
Next by thread: [RHSA-2003:279-02] Updated OpenSSH packages fix potential vulnerabilities
Index(es):
- Date
- Thread