Date: Fri, 28 Jun 2002 14:06:50 +0200
From: (Trustix Secure Linux Advisor) <[email protected]>
To: [email protected]
Subject: TSL-2002-0059 - openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0059
Package name: openssh
Summary: Remote root exploit
Date: 2002-06-28
Affected versions: TSL 1.1, 1.2, 1.5
- --------------------------------------------------------------------------
Problem description:
A couple of bugs have been discovered in several versions of
OpenSSH, including version 3.1p1, which is shipped with TSL. As later
versions of OpenSSH introduce rather large changes in functionality
and our public testing revealed a few issues not yet solved, we chose
to apply the patches supplied by the OpenSSH project rather than
upgrade to the latest version.
Action:
We recommend that all systems with this package installed are upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>
Public testing:
These packages have been available for public testing for some time.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailing list.
The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>
Verification:
This advisory, along with all TSL packages, is signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.2/> and
<URI:http://www.trustix.net/errata/trustix-1.5/>
or directly at
<URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0059-openssh.asc.txt>
MD5sums of the packages:
- --------------------------------------------------------------------------
918cd18ec576cf0f64a7249fa5a749a3 ./1.5/SRPMS/openssh-3.1.0p1-4tr.src.rpm
2a75912515a7751b06ee767f6691a3b7 ./1.5/RPMS/openssh-server-3.1.0p1-4tr.i586.rpm
b3a08640bf14499d41ce77eb18bfdc17 ./1.5/RPMS/openssh-clients-3.1.0p1-4tr.i586.rpm
f39806e0d245e16c8b5e7cb26720d68c ./1.5/RPMS/openssh-3.1.0p1-4tr.i586.rpm
918cd18ec576cf0f64a7249fa5a749a3 ./1.2/SRPMS/openssh-3.1.0p1-4tr.src.rpm
f8f1e3ab0b66126d2c49492d4dfe546d ./1.2/RPMS/openssh-server-3.1.0p1-4tr.i586.rpm
843c5da5188028f548eb17a100bfa918 ./1.2/RPMS/openssh-clients-3.1.0p1-4tr.i586.rpm
6cff92b54b57d72dfd045e99213a256e ./1.2/RPMS/openssh-3.1.0p1-4tr.i586.rpm
918cd18ec576cf0f64a7249fa5a749a3 ./1.1/SRPMS/openssh-3.1.0p1-4tr.src.rpm
5e3a8a10ac5a1618ae537def9d8dab49 ./1.1/RPMS/openssh-server-3.1.0p1-4tr.i586.rpm
9940e111296858a59bc9b99205809cff ./1.1/RPMS/openssh-clients-3.1.0p1-4tr.i586.rpm
19213bbb056c55cc581e99df97cf06ee ./1.1/RPMS/openssh-3.1.0p1-4tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD4DBQE9HByswRTcg4BxxS0RAt+ZAJiWPaLvWRe+YKPVKbqIPOZkSOM0AJ9ZuybD
COzpDhfYUOIj45uLSeta9g==
=YCjW
-----END PGP SIGNATURE-----
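
An added example, not part of the Trustix advisory: once `gpg --verify` has accepted the advisory's signature against the TSL key, the MD5 list can be read from the signed body only and compared with the downloaded packages. The function names, the sample file names and their contents are constructed for illustration; an MD5 match is only as trustworthy as the signature check that precedes it.

```python
import hashlib
import re
import tempfile
from pathlib import Path

ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\./\S+\.rpm)$")  # "<md5 hex> ./<path>.rpm"

def parse_manifest(advisory_text):
    """Return {relative_path: md5_hex}, reading only the PGP-signed body."""
    manifest, in_body = {}, False
    for raw in advisory_text.splitlines():
        if raw.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_body = True
        elif raw.startswith("-----BEGIN PGP SIGNATURE-----"):
            break  # signed text ends here; ignore anything appended after it
        elif in_body:
            m = ENTRY.match(raw.strip())
            if m:
                manifest[m.group(2)] = m.group(1)
    return manifest

def check_packages(manifest, root):
    """Map each listed path to 'ok', 'mismatch' or 'missing' under root."""
    results = {}
    for rel, expected in manifest.items():
        path = Path(root) / rel
        if not path.is_file():
            results[rel] = "missing"
            continue
        actual = hashlib.md5(path.read_bytes()).hexdigest()
        results[rel] = "ok" if actual == expected else "mismatch"
    return results

def demo():
    """Constructed sample: placeholder file names and contents, not TSL data."""
    good, bad = b"constructed package A", b"constructed package B"
    advisory = "\n".join([
        "0" * 32 + " ./1.5/RPMS/unsigned.rpm",  # outside the signed body: ignored
        "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "",
        hashlib.md5(good).hexdigest() + " ./1.5/RPMS/sample-a.rpm",
        hashlib.md5(bad).hexdigest() + " ./1.5/RPMS/sample-b.rpm",
        hashlib.md5(good).hexdigest() + " ./1.2/RPMS/sample-a.rpm",
        "-----BEGIN PGP SIGNATURE-----", "(constructed placeholder)",
    ])
    with tempfile.TemporaryDirectory() as root:
        rpms = Path(root, "1.5", "RPMS")
        rpms.mkdir(parents=True)
        (rpms / "sample-a.rpm").write_bytes(good)
        (rpms / "sample-b.rpm").write_bytes(bad + b" tampered")
        return check_packages(parse_manifest(advisory), root)
```

Calling `demo()` returns one status per manifest entry; a "mismatch" or "missing" result means the package should not be installed until it has been fetched again and rechecked.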