RE: [MLUG] Openssh vulnerability

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "MLUG Members" <EMAIL:PROTECTED>
Subject: RE: [MLUG] Openssh vulnerability
From: "Davis, Ryan W. (UMC-STUDENT)" <EMAIL:PROTECTED>
Date: Tue, 16 Sep 2003 17:03:24 -0500
List-archive: <http://mlug.missouri.edu/pipermail/members>
List-help: <mailto:EMAIL:PROTECTED>
List-id: MLUG Members <members.mlug.missouri.edu>
List-post: <mailto:EMAIL:PROTECTED>
List-subscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
List-unsubscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED
Thread-index: AcN8nfw2w9eymli4SJOdmdkk0RK+SAAAC19w
Thread-topic: [MLUG] Openssh vulnerability

Thanks for the public service announcement. I got this today too from
RHN. So, everyone, patch your b0x0r5. We don't want an MS.Blaster of the
Linux community now do we?

Ryan Davis
Network Programmer Analyst - Student
IAT Services - DNPS
University of Missouri-Columbia
(573)882-2759
EMAIL:PROTECTED

> -----Original Message-----
> From: Russell Horn [mailto:EMAIL:PROTECTED]
> Sent: Tuesday, September 16, 2003 4:59 PM
> To: 'MLUG Members'
> Subject: [MLUG] Openssh vulnerability
> 
> Sorry to distract from the Vulcan ancestry messages over on the
> discussion list.
> 
> In case anyone didn't notice, an openssh vulnerability has been
> discovered and patches made available.
> 
> 1. Versions affected:
> 
>         All versions of OpenSSH's sshd prior to 3.7 contain a buffer
>         management error.  It is uncertain whether this error is
>         potentially exploitable, however, we prefer to see bugs
>         fixed proactively.
> 
> 2. Solution:
> 
> 	Upgrade to OpenSSH 3.7 or use the source patch at
> http://www.openssh.com/txt/buffer.adv
> 
> Links to the backported RPMs for RedHat and SuSE are linked below. For
> Debian use apt-get to update your system.
> 
> For RedHat go here
> 
> https://rhn.redhat.com/errata/RHSA-2003-279.html
> 
> For SuSE here are the RPMs.
> 
>     SuSE-8.2:
> 
>
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssh-3.5p1-106.i
> 586.rpm
>       492d66deaedcfc20c1f0d66e508db790
> 
>     SuSE-8.1:
> 
>
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssh-3.4p1-214.i
> 586.rpm
>       dda7728501c8cf17c60eff1862922842
> 
>     SuSE-8.0:
> 
>
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssh-3.4p1-214.i386.
> rpm
>       2361dccd5b0c83178f8d0d5988b3490e
> 
>     SuSE-7.3:
> 
>
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssh-2.9.9p2-155.i38
> 6.rpm
>       1418135ed33e59d1ce37ea135617b5bc
> 
>     SuSE-7.2:
> 
>
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/openssh-2.9.9p2-155.i38
> 6.rpm
>       e807ecd9c4d167e3ef3764c06af1a511
> 
> _______________________________________________
> members mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/members

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

Follow-Ups:
- RE: [MLUG] Openssh vulnerability
  - From: John Engelbrecht <EMAIL:PROTECTED>

Prev by Date: [MLUG] Openssh vulnerability
Next by Date: RE: [MLUG] Openssh vulnerability
Previous by thread: Re: [MLUG] mysql problem
Next by thread: RE: [MLUG] Openssh vulnerability
Index(es):
- Date
- Thread