Mandriva Advisories
Problem Description
A buffer management error was discovered in all versions of openssh
prior to version 3.7. According to the OpenSSH team's advisory:
"It is uncertain whether this error is potentially exploitable,
however, we prefer to see bugs fixed proactively." There have also
been reports of an exploit in the wild.
MandrakeSoft encourages all users to upgrade to these patched openssh
packages immediately and, if at all possible, to disable sshd until
they are able to upgrade.
Updated Packages
Mandrakelinux 8.2
8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.i586.rpm
8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.i586.rpm
8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm
Mandrakelinux 8.2/PPC
ppc/8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.ppc.rpm
ppc/8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.ppc.rpm
ppc/8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.ppc.rpm
ppc/8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.ppc.rpm
ppc/8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.ppc.rpm
ppc/8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm
Mandrakelinux 9.0
9.0/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
9.0/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
9.0/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm
9.0/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
9.0/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
9.0/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm
Mandrakelinux 9.1
9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.i586.rpm
9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.i586.rpm
9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.i586.rpm
9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.i586.rpm
9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.i586.rpm
9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm
Mandrakelinux 9.1/PPC
ppc/9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.ppc.rpm
ppc/9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.ppc.rpm
ppc/9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.ppc.rpm
ppc/9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.ppc.rpm
ppc/9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.ppc.rpm
ppc/9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm
Multi Network Firewall 8.2
mnf8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
mnf8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
mnf8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
mnf8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm
Corporate Server 2.1
corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm
corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm
Corporate Server 2.1/X86_64
x86_64/corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.x86_64.rpm
x86_64/corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
http://www.kb.cert.org/vuls/id/333628
http://www.openssh.com/txt/buffer.adv
Upgrade
To upgrade automatically, use MandrivaUpdate.
Verification
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.
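When the check above is scripted, the exit status alone is not enough: rpm --checksig can report OK on matching digests only, so an unsigned package or one checked without the imported key may pass. The following gate is an added example, not part of the Mandriva advisory. The output conventions it matches (lowercase gpg/pgp or "signatures" for a verified signature, "NOT OK" or "MISSING KEYS" otherwise) are assumptions that vary across rpm versions, and RPM_CMD is a hypothetical override for testing.

```sh
#!/bin/sh
# Added example: accept a package only if `rpm --checksig` reports a
# verified signature, not merely matching digests.

# sig_line_ok OUTPUT
# Succeeds only when the checksig output shows a verified signature.
# Assumed formats (they differ between rpm versions):
#   "pkg.rpm: md5 gpg OK"             signature verified (older rpm)
#   "pkg.rpm: digests signatures OK"  signature verified (newer rpm)
#   "pkg.rpm: md5 OK"                 digest only, package is unsigned
#   "pkg.rpm: ... (MISSING KEYS)"     signing key not imported
sig_line_ok() {
    line=$1
    result=${line#*: }            # drop the leading "pkg.rpm: "
    case $result in
        *"NOT OK"*|*"MISSING KEYS"*) return 1 ;;
    esac
    case $result in
        *" OK") ;;                # must end in OK
        *) return 1 ;;
    esac
    case " $result " in
        *" gpg "*|*" pgp "*|*" signatures "*) return 0 ;;
    esac
    return 1                      # OK, but no signature was checked
}

# verify_rpms FILE...
# Returns 0 only if every package carries a verified signature.
# RPM_CMD (hypothetical) replaces the rpm binary, e.g. with a stub.
verify_rpms() {
    [ "$#" -gt 0 ] || return 2
    status=0
    for pkg in "$@"; do
        if out=$(LC_ALL=C ${RPM_CMD:-rpm} --checksig "$pkg" 2>&1) &&
           sig_line_ok "$out"; then
            echo "verified: $pkg"
        else
            echo "REJECTED: $pkg ($out)" >&2
            status=1
        fi
    done
    return $status
}

# Typical use, after importing the vendor's GPG public key:
#   verify_rpms openssh-*.rpm && rpm -Fvh openssh-*.rpm
```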