dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


SOT Linux Advisory: openssh

Sep 18, 2003, 02:25 (0 Talkback[s])

SOT Linux Security Advisory

Subject: Updated openssh package for SOT Linux 2003
Advisory ID: SLSA-2003:42
Date: Thursday, September 18, 2003
Product: SOT Linux 2003

1. Problem description

OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions.

The OpenSSH team has announced a bug which affects the OpenSSH buffer handling code. This bug has the potential of being remotely exploitable.

All users of OpenSSH should immediately apply this update which contains a backported fix for this issue.

2. Updated packages

SOT Linux 2003 Desktop:

i386:
ftp://ftp.sot.com/updates/2003/Desktop/i386/openssh-3.1p1-9.i386.rpm
ftp://ftp.sot.com/updates/2003/Desktop/i386/openssh-clients-3.1p1-9.i386.rpm
ftp://ftp.sot.com/updates/2003/Desktop/i386/openssh-server-3.1p1-9.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2003/Desktop/SRPMS/openssh-3.1p1-9.src.rpm

SOT Linux 2003 Server:

i386:
ftp://ftp.sot.com/updates/2003/Server/i386/openssh-3.1p1-9.i386.rpm
ftp://ftp.sot.com/updates/2003/Server/i386/openssh-clients-3.1p1-9.i386.rpm
ftp://ftp.sot.com/updates/2003/Server/i386/openssh-server-3.1p1-9.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2003/Server/SRPMS/openssh-3.1p1-9.src.rpm

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command: rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command: rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.

Package Name MD5 sum
/Desktop/i386/openssh-3.1p1-9.i386.rpm c40aeb1c5d9005ffa5027df7e68c6633
/Desktop/i386/openssh-clients-3.1p1-9.i386.rpm 352b00f7a2e3722b0be8f3687e83b07b
/Desktop/i386/openssh-server-3.1p1-9.i386.rpm 29407c985338a3a88e0ba868fe110b77
/Desktop/SRPMS/openssh-3.1p1-9.src.rpm dd6f8a5dcc77966db0b995dfbe0009dd
/Server/i386/openssh-3.1p1-9.i386.rpm c40aeb1c5d9005ffa5027df7e68c6633
/Server/i386/openssh-clients-3.1p1-9.i386.rpm 352b00f7a2e3722b0be8f3687e83b07b
/Server/i386/openssh-server-3.1p1-9.i386.rpm 29407c985338a3a88e0ba868fe110b77
/Server/SRPMS/openssh-3.1p1-9.src.rpm dd6f8a5dcc77966db0b995dfbe0009dd

5. References

http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693

Copyright(c) 2001-2003 SOT