Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Trustix Security Advisory: OpenSSH

Mar 29, 2001, 22:39 (0 Talkback[s])

Date: Thu, 29 Mar 2001 13:58:25 +0200
From: tsl@TRUSTIX.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Trustix Security Advisory #2001-0002 - OpenSSH


Trustix Secure Linux Security Advisory #2001-0002

Package name:      OpenSSH
Severity:          Possible to determine password length
Date:              2001-03-29
Affected versions: TSL 1.01, 1.1, 1.2


Problem description:
    From the release notes of Portable OpenSSH-2.5.2p2:
    Security related changes:
        Improved countermeasure against "Passive Analysis of SSH
        (Secure Shell) Traffic"
        http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt 

The countermeasures introduced in earlier OpenSSH-2.5.x versions caused interoperability problems with some other implementations.
Improved countermeasure against "SSH protocol 1.5 session key recovery vulnerability" http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm
Action:
We recommend all systems which has this package installed to be upgraded.

Location:
All TSL updates are available from
URL:http://www.trusix.net/pub/Trustix/updates/
URL:ftp://ftp.trusix.net/pub/Trustix/updates/

Users of the SWUP tool, can enjoy having the security updates automatically installed using 'swup --upgrade'.

Get SWUP from:
ftp://ftp.trustix.net/pub/Trustix/software/swup/

Questions?
Check out our mailinglists:
http://www.trustix.net/support/

Verification:
This advisory is signed with the TSL sign key. It is available from:
http://www.trustix.net/TSL-GPG-KEY

Trustix Security Team