Conectiva Linux Advisory: openssh

CONECTIVA LINUX SECURITY ANNOUNCEMENT

DESCRIPTION
OpenSSH[1] is a very popular and versatile tool that uses encrypted
connections between hosts and is commonly used for remote
administration.

This update fixes new vulnerabilities found in the code that
handles buffers in OpenSSH. These vulnerabilities are similiar to
the ones fixed in the CLSA-2003:739 announcement[2] (CAN-2003-0693)
and can be exploited by a remote attacker to cause a denial of
service condition and potentially execute arbitrary code (although
there is still no concrete evidence of that).

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2003-0695 to this additional issue[3].

The OpenSSH team released the version 3.7.1 which fixes this
vulnerability[4]. This update contains the versions originally
distributed with Conectiva Linux added of backported patches.

Additionally, patches made by Solar Designer to fix memory bugs
in other parts of the code are being added. Althought it is
unlikely that these bugs are exploitable, they are being treatead
as security fixes by now and have the name CAN-2003-0682
assigned[5] by The Common Vulnerabilities and Exposures project
(cve.mitre.org/).

SOLUTION
It is recommended that all OpenSSH users upgrade their
packages.

The ssh service will be automatically restarted during the
upgrade if it is already running. Current ssh sessions will remain
open during the restart.

REFERENCES:
1.http://www.openssh.org
2.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000739&idioma=en

3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695

4.http://www.openssh.com/txt/buffer.adv

5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.4p1-1U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.4p1-1U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.4p1-1U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.4p1-1U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.4p1-1U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.4p1-1U70_3cl.src.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-3.4p1-1U80_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-3.4p1-1U80_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-gnome-3.4p1-1U80_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-clients-3.4p1-1U80_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-server-3.4p1-1U80_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssh-3.4p1-1U80_3cl.src.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-3.5p1-27767U90_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-3.5p1-27767U90_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-gnome-3.5p1-27767U90_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-clients-3.5p1-27767U90_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-server-3.5p1-27767U90_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssh-3.5p1-27767U90_2cl.src.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

• run: apt-get update
• after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com