SecurityFocus BUGTRAQ Mailing List: BUGTRAQ ARCHIVE

To: BugTraq
Subject: [slackware-security] New OpenSSH packages (SSA:2003-266-01)
Date: Sep 24 2003 6:06AM
Author: Slackware Security Team

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  New OpenSSH packages (SSA:2003-266-01)

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware is not vulnerable to the PAM problem, and it is not believed that any of the other code cleanups fix exploitable security problems, but nevertheless sites may wish to upgrade.

These are some of the more interesting entries from OpenSSH's ChangeLog so you can be the judge:

  [buffer.c]
  protect against double free; #660; zardoz at users.sf.net
  - markus cvs openbsd org 2003/09/18 08:49:45
  [deattack.c misc.c session.c ssh-agent.c]
  more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
  ok millert@
  - (djm) Bug #676: Fix PAM stack corruption
  - (djm) Fix bad free() in PAM code


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7.1p2-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7.1p2-i386-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7.1p2-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
7ee5b3d42fc539325afe1c5c9bb75e95  openssh-3.7.1p2-i386-1.tgz

Slackware 9.0 package:
a8869a2c33e62075eed6a5ed03600bfa  openssh-3.7.1p2-i386-1.tgz

Slackware -current package:
9b5c5f292809524b1b54466e9c98407f  openssh-3.7.1p2-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

(This procedure is safe to do while logged in through OpenSSH)

Upgrade using upgradepkg (as root):
   # upgradepkg openssh-3.7.1p2-i386-1.tgz

Restart OpenSSH:
   . /etc/rc.d/rc.sshd restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security slackware com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo slackware com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back. Follow the instructions to   |
| complete the unsubscription. Do not reply to this message to           |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/cS0KakRjwEAQIjMRAq9gAJ9XkFO99GlW5sWUAagtqDtg8FFW3QCgh4cq
0HYC+kLYqgttgIT5wLJ4QZI=
=hnDZ
-----END PGP SIGNATURE-----
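
An added example, not part of the advisory or of any Slackware tooling: the advisory lists two different digests for the same file name (the 8.1 and 9.0 packages), so a pre-install check has to select the digest by release rather than by file name. The function names expected_md5 and verify_pkg are hypothetical, md5sum and awk are assumed to be installed, and the digests are only as trustworthy as the advisory text they were copied from, so the advisory's PGP signature comes first.

```shell
# MD5 SIGNATURES section of SSA:2003-266-01, copied from the advisory text.
ADVISORY_MD5='Slackware 8.1 package:
7ee5b3d42fc539325afe1c5c9bb75e95  openssh-3.7.1p2-i386-1.tgz

Slackware 9.0 package:
a8869a2c33e62075eed6a5ed03600bfa  openssh-3.7.1p2-i386-1.tgz

Slackware -current package:
9b5c5f292809524b1b54466e9c98407f  openssh-3.7.1p2-i486-1.tgz'

# expected_md5 RELEASE [TEXT]
# Print the digest listed under "Slackware RELEASE package:" in TEXT
# (default: the section above). Prints nothing if the release is not listed.
expected_md5() {
    printf '%s\n' "${2:-$ADVISORY_MD5}" |
    awk -v want="Slackware $1 package:" '
        $0 == want { hit = 1; next }
        hit && length($1) == 32 && $1 !~ /[^0-9a-f]/ { print $1; exit }
        hit && NF { exit }   # label not followed by a digest: malformed, stop
    '
}

# verify_pkg RELEASE FILE [TEXT]
# Return 0 only when FILE hashes to the digest listed for RELEASE,
# 1 on a mismatch, 2 when the check could not be performed.
verify_pkg() {
    want=$(expected_md5 "$1" "$3")
    [ -n "$want" ] || { echo "no digest listed for Slackware $1" >&2; return 2; }
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    got=$(md5sum < "$2" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $2 matches the Slackware $1 digest"
    else
        echo "MISMATCH: $2 is $got, advisory lists $want" >&2
        return 1
    fi
}

# As root, after downloading the 9.0 package:
#   verify_pkg 9.0 openssh-3.7.1p2-i386-1.tgz && upgradepkg openssh-3.7.1p2-i386-1.tgz
```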