---

Home Security

Mandrake Linux Advisory: openssh

By

Mandrake Linux Security Update Advisory

Package name: openssh
Advisory ID: MDKSA-2003:090
Date: September 16th, 2003
Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall
8.2

Problem Description:

A buffer management error was discovered in all versions of
openssh prior to version 3.7. According to the OpenSSH team’s
advisory: “It is uncertain whether this error is potentially
exploitable, however, we prefer to see bugs fixed proactively.”
There have also been reports of an exploit in the wild.

MandrakeSoft encourages all users to upgrade to these patched
openssh packages immediately and to disable sshd until you are able
to upgrade if at all possible.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693

http://www.kb.cert.org/vuls/id/333628

http://www.openssh.com/txt/buffer.adv

Updated Packages:

Corporate Server 2.1:
5800ea0b5c436851c04e153a2d8b7706
corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
ca2a0c392a3b2400139b4bfbdd61121a
corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
51b4d8bcc2e3c92850dd29a41da1ecbc
corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm

dd421c26a2c1b5092cc1947394f87cfa
corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
933a01509877c76a2c16b4c129bd7bbe
corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
54299aeb96b49e1d8ef6a4dcc826eba1
corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

Corporate Server 2.1/x86_64:
5da7de9e35a314a9acc21ee0024c8a55
x86_64/corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.x86_64.rpm
fb60f30f5241741ef2276d8616553a84
x86_64/corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.x86_64.rpm

c41f38e43f87231c639f6a0fcbb2d065
x86_64/corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.x86_64.rpm

c826364829aba4704f1b5435b4ab3319
x86_64/corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.x86_64.rpm

7b4f9e6970d4bc7ef7ac55e7824247c6
x86_64/corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.x86_64.rpm

54299aeb96b49e1d8ef6a4dcc826eba1
x86_64/corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

Mandrake Linux 8.2:
eb32286108c21f58ac51d782151539b0
8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
0267fc6f4c0d893e435b7445fb9f6a23
8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.i586.rpm
69a090f67dd853d4e60f6905eeeadf20
8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.i586.rpm
96e50b6c68e657cc01911414e6836f73
8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
f52c7678f32ca9cde888068620fb375d
8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
f96f920c60fe9961f107605e60dc0697
8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm

Mandrake Linux 8.2/PPC:
14904d382bc45ae8346202bdc75ccee7
ppc/8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.ppc.rpm
8012ca8e133f76d0a7034945603f4e90
ppc/8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.ppc.rpm
aa3658d57bacf80a2bc6750a832f7ff8
ppc/8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.ppc.rpm
683f8b21c9887f9160efa0cf7211caf0
ppc/8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.ppc.rpm
a919fcf54371e12ece94b84883cdf058
ppc/8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.ppc.rpm
f96f920c60fe9961f107605e60dc0697
ppc/8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm

Mandrake Linux 9.0:
5800ea0b5c436851c04e153a2d8b7706
9.0/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
ca2a0c392a3b2400139b4bfbdd61121a
9.0/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
51b4d8bcc2e3c92850dd29a41da1ecbc
9.0/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm
dd421c26a2c1b5092cc1947394f87cfa
9.0/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
933a01509877c76a2c16b4c129bd7bbe
9.0/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
54299aeb96b49e1d8ef6a4dcc826eba1
9.0/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

Mandrake Linux 9.1:
b428536c41761ef1295a5c424fe7090f
9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.i586.rpm
6b0f784e9a9eb0a5f81682cfed347533
9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.i586.rpm
1de0d5a790a8b049d936a66f9cbef637
9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.i586.rpm
8be79fe54ec8fa4e6e262747b9a266f6
9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.i586.rpm
43c07ba3f3f4ba38f5d215dc1e62b19d
9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.i586.rpm
6c50e55e209175d774c39512e31da4ff
9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
cea0afcd1c654e52eaeafde47e0b9cdd
ppc/9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.ppc.rpm
937cafe7c1d2bc005bde44157a3ce32a
ppc/9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.ppc.rpm
b96a79881c74002e80088e73b0b5420a
ppc/9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.ppc.rpm
c11f8f2648eda9d127f7cbf4e20dd768
ppc/9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.ppc.rpm
65761615af545350699e27771761acd0
ppc/9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.ppc.rpm
6c50e55e209175d774c39512e31da4ff
ppc/9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm

Multi Network Firewall 8.2:
eb32286108c21f58ac51d782151539b0
mnf8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
96e50b6c68e657cc01911414e6836f73
mnf8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
f52c7678f32ca9cde888068620fb375d
mnf8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
f96f920c60fe9961f107605e60dc0697
mnf8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm

Bug IDs fixed (see https://qa.mandrakesoft.com for
more information):

To upgrade automatically, use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can
obtain the GPG public key of the Mandrake Linux Security Team by
executing:

gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98

Please be aware that sometimes it takes the mirrors a few hours
to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security
linux-mandrake.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.