200309-12
Published: 2003-09-17 02:45:00
Updated: 2003-09-17 02:45:00
- - -
---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-12
- - -
---------------------------------------------------------------------
PACKAGE : openssh
SUMMARY : buffer management error
DATE : 2003-09-16 22:53 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <=openssh-3.7_p1
FIXED VERSION : >=openssh-3.7.1_p1
CVE : CAN-2003-0693
- - -
---------------------------------------------------------------------
quote from advisory:
"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management
error. It is uncertain whether this error is potentially
exploitable,however, we prefer to see bugs fixed proactively."
read the full advisory at:
http://www.openssh.com/txt/buffer.adv
This is a follow up advisory to indicate the further fixes have been
made. From the ChangeLog:
- (djm) OpenBSD Sync
- markus@cvs.openbsd.org 2003/09/16 21:02:40
[buffer.c channels.c version.h]
more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU
(reported on http://bugs.gentoo.org/show_bug.cgi?id=28927 by
Christian Rubbert <ceed@xrc.de>)
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.7.1_p1 as follows:
emerge sync
emerge openssh
emerge clean
- - ---------------------------------------------------------------
