Advisories

Mandriva Advisories

Package name	openssh
Date	November 13th, 2000
Advisory ID	MDKSA-2000:068
Affected versions	7.0, 7.1, 7.2
Synopsis	Updated openssh packages fix improper checking of X11 forwarding permissions

Problem Description

A vulnerability exists with all versions of OpenSSH prior to 2.3.0 with
regards to the X11 forwarding and ssh-agent. If agent or X11
forwarding is disabled in the ssh client configuration, the client does
not request these features during session setup. However, when the ssh
client receives an actual request asking for access to the ssh-agent,
the client fails to check whether this feature has been negotiated
during session setup. The client does not check whether the request is
in compliance with the client configuration and grants access to the
ssh-agent. A similar problem exists in the X11 forwarding
implementation.

Updated Packages

Mandrakelinux 7.0

 c487637c7c67584037f5d7f32ceb4bd0  7.0/RPMS/openssh-2.3.0p1-7.2mdk.i586.rpm
ea47d2712a1d778a25f605b346b0a3df  7.0/RPMS/openssh-askpass-2.3.0p1-7.2mdk.i586.rpm
8bd652818596ae1e8685bdde7eaa061c  7.0/RPMS/openssh-askpass-gnome-2.3.0p1-7.2mdk.i586.rpm
0ecd5317bac4cabd8f741fdb303016dd  7.0/RPMS/openssh-clients-2.3.0p1-7.2mdk.i586.rpm
44f0e05acf28a7f8ef14c70b5caf508f  7.0/RPMS/openssh-server-2.3.0p1-7.2mdk.i586.rpm
688d994c5e437e305a3b5d3e970ecbd6  7.0/SRPMS/openssh-2.3.0p1-7.2mdk.src.rpm

Mandrakelinux 7.1

 849f5c15c69811be37e1f67bec540816  7.1/RPMS/openssh-2.3.0p1-7.2mdk.i586.rpm
a06c583ead7df4ef7c3fb8e5f9c9d57d  7.1/RPMS/openssh-askpass-2.3.0p1-7.2mdk.i586.rpm
6d8f0c741a1478059d5361844fc863e0  7.1/RPMS/openssh-askpass-gnome-2.3.0p1-7.2mdk.i586.rpm
9d6ddd35ab5888ad4f4277c8c9abf615  7.1/RPMS/openssh-clients-2.3.0p1-7.2mdk.i586.rpm
55c388f53f13484718243a1f0071dbb2  7.1/RPMS/openssh-server-2.3.0p1-7.2mdk.i586.rpm
688d994c5e437e305a3b5d3e970ecbd6  7.1/SRPMS/openssh-2.3.0p1-7.2mdk.src.rpm

Mandrakelinux 7.2

 17c76fbe98323e5921640f30422aa2b1  7.2/RPMS/openssh-2.3.0p1-7.1mdk.i586.rpm
9c72974653bfdb2d1e02ddbc1897f00b  7.2/RPMS/openssh-askpass-2.3.0p1-7.1mdk.i586.rpm
67c990f971b9b81ecb1834393a3ebc0d  7.2/RPMS/openssh-askpass-gnome-2.3.0p1-7.1mdk.i586.rpm
83a19718139506cd92303e1e59ed0413  7.2/RPMS/openssh-clients-2.3.0p1-7.1mdk.i586.rpm
0ad740d9dc37c58a66976b5d84efb5a6  7.2/RPMS/openssh-server-2.3.0p1-7.1mdk.i586.rpm
f7c747d5c7d93dc0e1108b1a28f3aa47  7.2/SRPMS/openssh-2.3.0p1-7.1mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer