---

Home Security

Debian: New version of ssh may fix buffer overflows

By 

There has been a lot of confusion over ssh lately: some people think
their systems have been hacked through ssh, although nobody has been
able to produce an exploit. To avoid any possible problems we have
patched ssh to fix any possible buffer overruns. We think this will
stop any attack that might be out there. This also includes the fixes
to the kerberos code that were distributed.

Please note that this patch does not suffer from the license problems
that other patches that have circulated have, since it does not use
the vsnprintf implementation from ssh 2 but instead uses the code from
sendmail (which was based on code floating around on usenet) for systems
that don't have vsnprintf in their libc.

We recommend you upgrade your ssh package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 68xxx architecture.

  Source archives:
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh_1.2.26-1.2.diff.gz
      MD5 checksum: aea3cb04f160dcd1e1c5e80bb3801052  
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh_1.2.26-1.2.dsc
      MD5 checksum: 2e5d7de1130dc8548aa9f0fd51f5fefe  
     ftp://nonus.debian.org/pub/debian-non-US/stable/source/ssh_1.2.26.orig.tar.gz
      MD5 checksum: 2ee46d454015dd01c5e8f074eabf0245  

  Intel architecture:
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh-askpass_1.2.26-1.2_i386.deb
      MD5 checksum: 1d3d84ad4bf3b06f2c7cff0da13e4ed6  
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh_1.2.26-1.2_i386.deb
      MD5 checksum: cba3d5afdb2cfd0e71af8ab3b09a1fbe  

  Motorola 680x0 architecture:
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh-askpass_1.2.26-1.2_m68k.deb
      MD5 checksum: 08fbbc6a7c5dbc480caccd451fd06d91  
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh_1.2.26-1.2_m68k.deb
      MD5 checksum: 33154ec68a8b21e1f5804be6b4868182  

  Alpha architecture:
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh-askpass_1.2.26-1.2_alpha.deb
      MD5 checksum: a4626013ee5595b376ab30836ecbf736  
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh_1.2.26-1.2_alpha.deb
      MD5 checksum: 0319b569a111d9edd690566fd16e965d  

  Powerpc architecture:
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh-askpass_1.2.26-1.2_powerpc.deb
      MD5 checksum: 4f57e8af060c6a8068f2f820d9dfdf7a  
     ftp://nonus.debian.org/pub/debian-non-US/Incoming/ssh_1.2.26-1.2_powerpc.deb
      MD5 checksum: 4dd46892d77af6dbe5cb98d70cb6468f  

  These files will be moved into
   ftp://nonus.debian.org/debian/dists/stable/*/binary-$arch/ soon.

-- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
<<A HREF="mailto:chrish@debian.org">chrish@debian.org>   .   <<A HREF="mailto:wakkerma@debian.org">wakkerma@debian.org>  .   <<A HREF="mailto:joey@debian.org">joey@debian.org>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.