Advisories
Mandriva Advisories
|
 |
| Problem Description |
In some circumstances, the sshd server may not honor the "from=" option
that can be associated with a key in a user's ~/.ssh/authorized_keys2
file if multiple keys are listed. This could allow key-based logins
from hosts which should not be allowed access.
| Updated Packages |
Mandrakelinux 7.1
84be3c5bcaa282b42330b5d3d5ddcd12 7.1/RPMS/openssh-2.9.9p2-2.4mdk.i586.rpm d2067fdc1ff38050fb2871bfc4cc3d7f 7.1/RPMS/openssh-askpass-2.9.9p2-2.4mdk.i586.rpm b9e4fc52184006ee04071af72791594a 7.1/RPMS/openssh-askpass-gnome-2.9.9p2-2.4mdk.i586.rpm 9fef6ade9656130a4d21d4bc3fa598d2 7.1/RPMS/openssh-clients-2.9.9p2-2.4mdk.i586.rpm 106280632e07bce010d4cea8b3b90998 7.1/RPMS/openssh-server-2.9.9p2-2.4mdk.i586.rpm 82be8d70f90ba6efa244054408a24005 7.1/SRPMS/openssh-2.9.9p2-2.4mdk.src.rpm
Mandrakelinux 7.2
165cd88625e0cf9875739b9d932ec65d 7.2/RPMS/openssh-2.9.9p2-2.3mdk.i586.rpm d7bb63483656bbf7988449692098aae3 7.2/RPMS/openssh-askpass-2.9.9p2-2.3mdk.i586.rpm 7822b53e2db0c9aa35b399898e6c9244 7.2/RPMS/openssh-askpass-gnome-2.9.9p2-2.3mdk.i586.rpm 1b816fb409fbf2a68a7c8c3993725ee7 7.2/RPMS/openssh-clients-2.9.9p2-2.3mdk.i586.rpm f1478ef3ea27feb6645423ca97aee54b 7.2/RPMS/openssh-server-2.9.9p2-2.3mdk.i586.rpm 6912fa08e07f88ba1935f3b1ed672cdf 7.2/SRPMS/openssh-2.9.9p2-2.3mdk.src.rpm
Mandrakelinux 8.0
6f0371285f41bd7e3d98e23eabca48af 8.0/RPMS/openssh-2.9.9p2-2.2mdk.i586.rpm 1727d402aa43854c7aa01651633ba817 8.0/RPMS/openssh-askpass-2.9.9p2-2.2mdk.i586.rpm a56bd774c19eb1da99216b31b74461a0 8.0/RPMS/openssh-askpass-gnome-2.9.9p2-2.2mdk.i586.rpm 62f876a9ef06762db6c778d7985be10f 8.0/RPMS/openssh-clients-2.9.9p2-2.2mdk.i586.rpm 5be73ac0a84ce2386cb62d5fdf213d11 8.0/RPMS/openssh-server-2.9.9p2-2.2mdk.i586.rpm 237fbb898f0763fa66ab50da997a5f74 8.0/SRPMS/openssh-2.9.9p2-2.2mdk.src.rpm
Mandrakelinux 8.0/PPC
30b82eb66a99f23b9ef9458d9aac7bf6 ppc/8.0/RPMS/openssh-2.9.9p2-2.2mdk.ppc.rpm 51fd76a9dd6f5c266c07c1c2d98c4ff5 ppc/8.0/RPMS/openssh-askpass-2.9.9p2-2.2mdk.ppc.rpm 2118c012e4a1d3f99cb4b75b24dd43ea ppc/8.0/RPMS/openssh-askpass-gnome-2.9.9p2-2.2mdk.ppc.rpm 1833dfc646b5d79fa6b8949a500b340b ppc/8.0/RPMS/openssh-clients-2.9.9p2-2.2mdk.ppc.rpm 20fe0eeb93f02b0677c2b8d7913ea1a1 ppc/8.0/RPMS/openssh-server-2.9.9p2-2.2mdk.ppc.rpm 237fbb898f0763fa66ab50da997a5f74 ppc/8.0/SRPMS/openssh-2.9.9p2-2.2mdk.src.rpm
Mandrakelinux 8.1
fa23d1764b38f658cf1d21e0a9cf3521 8.1/RPMS/openssh-2.9.9p2-2.1mdk.i586.rpm 10e58545128d2960a363a5af1fc8e386 8.1/RPMS/openssh-askpass-2.9.9p2-2.1mdk.i586.rpm 1e85080be65393b2584c3d32af0d4f1f 8.1/RPMS/openssh-askpass-gnome-2.9.9p2-2.1mdk.i586.rpm 790a022406078f33039db0d82f6c2a49 8.1/RPMS/openssh-clients-2.9.9p2-2.1mdk.i586.rpm 7d5d736ab419919ab8fbb5d0b38644d1 8.1/RPMS/openssh-server-2.9.9p2-2.1mdk.i586.rpm b31d50fd92af60987be31639ca6998b3 8.1/SRPMS/openssh-2.9.9p2-2.1mdk.src.rpm
Corporate Server 1.0.1
84be3c5bcaa282b42330b5d3d5ddcd12 1.0.1/RPMS/openssh-2.9.9p2-2.4mdk.i586.rpm d2067fdc1ff38050fb2871bfc4cc3d7f 1.0.1/RPMS/openssh-askpass-2.9.9p2-2.4mdk.i586.rpm b9e4fc52184006ee04071af72791594a 1.0.1/RPMS/openssh-askpass-gnome-2.9.9p2-2.4mdk.i586.rpm 9fef6ade9656130a4d21d4bc3fa598d2 1.0.1/RPMS/openssh-clients-2.9.9p2-2.4mdk.i586.rpm 106280632e07bce010d4cea8b3b90998 1.0.1/RPMS/openssh-server-2.9.9p2-2.4mdk.i586.rpm 82be8d70f90ba6efa244054408a24005 1.0.1/SRPMS/openssh-2.9.9p2-2.4mdk.src.rpm
| References |
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=216702&start=2001-09-24&end=2001-09-30
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.