RE: [MLUG] Openssh vulnerability

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG Members <EMAIL:PROTECTED>
Subject: RE: [MLUG] Openssh vulnerability
From: John Engelbrecht <EMAIL:PROTECTED>
Date: Tue, 16 Sep 2003 17:07:02 -0500 (CDT)
In-reply-to: <EMAIL:PROTECTED>
List-archive: <http://mlug.missouri.edu/pipermail/members>
List-help: <mailto:EMAIL:PROTECTED>
List-id: MLUG Members <members.mlug.missouri.edu>
List-post: <mailto:EMAIL:PROTECTED>
List-subscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
List-unsubscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
References: <EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

Linux Community???oh yea, thats right, not everyone here
is using pine, or at least using linux to compose and send mail.

On Tue, 16 Sep 2003, Davis, Ryan W. (UMC-STUDENT) wrote:

> Thanks for the public service announcement. I got this today too from
> RHN. So, everyone, patch your b0x0r5. We don't want an MS.Blaster of the
> Linux community now do we?
>
> Ryan Davis
> Network Programmer Analyst - Student
> IAT Services - DNPS
> University of Missouri-Columbia
> (573)882-2759
> EMAIL:PROTECTED
>
> > -----Original Message-----
> > From: Russell Horn [mailto:EMAIL:PROTECTED]
> > Sent: Tuesday, September 16, 2003 4:59 PM
> > To: 'MLUG Members'
> > Subject: [MLUG] Openssh vulnerability
> >
> > Sorry to distract from the Vulcan ancestry messages over on the
> > discussion list.
> >
> > In case anyone didn't notice, an openssh vulnerability has been
> > discovered and patches made available.
> >
> > 1. Versions affected:
> >
> >         All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> >         management error.  It is uncertain whether this error is
> >         potentially exploitable, however, we prefer to see bugs
> >         fixed proactively.
> >
> > 2. Solution:
> >
> > 	Upgrade to OpenSSH 3.7 or use the source patch at
> > http://www.openssh.com/txt/buffer.adv
> >
> > Links to the backported RPMs for RedHat and SuSE are linked below. For
> > Debian use apt-get to update your system.
> >
> > For RedHat go here
> >
> > https://rhn.redhat.com/errata/RHSA-2003-279.html
> >
> > For SuSE here are the RPMs.
> >
> >     SuSE-8.2:
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssh-3.5p1-106.i
> > 586.rpm
> >       492d66deaedcfc20c1f0d66e508db790
> >
> >     SuSE-8.1:
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssh-3.4p1-214.i
> > 586.rpm
> >       dda7728501c8cf17c60eff1862922842
> >
> >     SuSE-8.0:
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssh-3.4p1-214.i386.
> > rpm
> >       2361dccd5b0c83178f8d0d5988b3490e
> >
> >     SuSE-7.3:
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssh-2.9.9p2-155.i38
> > 6.rpm
> >       1418135ed33e59d1ce37ea135617b5bc
> >
> >     SuSE-7.2:
> >
> >
> ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/openssh-2.9.9p2-155.i38
> > 6.rpm
> >       e807ecd9c4d167e3ef3764c06af1a511
> >
> > _______________________________________________
> > members mailing list
> > EMAIL:PROTECTED
> > http://mlug.missouri.edu/mailman/listinfo/members
>
> _______________________________________________
> members mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/members
>
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

References:
- RE: [MLUG] Openssh vulnerability
  - From: "Davis, Ryan W. (UMC-STUDENT)" <EMAIL:PROTECTED>

Prev by Date: RE: [MLUG] Openssh vulnerability
Next by Date: RE: [MLUG] Openssh vulnerability
Previous by thread: RE: [MLUG] Openssh vulnerability
Next by thread: RE: [MLUG] Openssh vulnerability
Index(es):
- Date
- Thread