Date: Mon, 17 Sep 2007 12:06:13 -0800
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@foresightlinux.org.>
To: [email protected]Subject: FLEA-2007-0055-1 openssh openssh-client openssh-server
gnome-ssh-askpass
Message-ID: <46eede35.gaoRHYaeUKFx8YYS%[email protected]>
User-Agent: Heirloom mailx 12.2 01/07/07
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0055-1
Published: 2007-09-17
Rating: Minor
Updated Versions:
openssh=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
openssh-client=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
openssh-server=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
gnome-ssh-askpass=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.19-5
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
https://issues.rpath.com/browse/RPL-1706
http://www.openssh.com/txt/release-4.7
Description:
Previous versions of openssh could use a trusted X11 cookie if creation
of an untrusted cookie failed, a minor privilege escalation attack.
- ---
Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)
iQIVAwUBRu7eIdfwEn07iAtZAQI1mA//QD4v/aBMlEBccfwRbnfqwLPqHIFw/am+
9x5FhyCcp7n/t6vgwt4sYw8LOhUD2HdmRv5dL9zQ5KRB11Ed7nMwBrUje15+tu3h
TkE/NOZxkWUFrrJ6EpFFHkCAhz9zyCvV0HtVkPi+yHYL5N+VYU5Ez/EcB98hXNaG
EWlLwMT1WU230CwP3mb82Tjwah2aLJAVK/jDoieaxfMr0KinBaK9e55sjBuuTrE2
zhvkzlO8MKsL3IHZaK4RtKL6OCBp0aFbzCJTuHnSwkjyrNmQOHft4+szP6GeBEIx
2/A1P/lD78TZHekIRCl+L3FnH9Fe8/SNzFne2FkBYr4EC+7D7iDNkRQaC2gUKOqw
GiweNrUyjfHarJceLxleovfjPY+3eaeAg1gXWaJQe6VmJUksDYHS9gpG+SXuPFkD
WxxKYea1ncql8o98MfogzTzD+gfHJcpmuHn4rPmZ43Q49gxasmqtpbF86+yG7TPg
U/emWMBCCL933nesi6o03Sfchk9P90bN1oWJ2jqI1UnoShsBlQ9X3wDoYjJ9saxD
+N9nRTLuNbBZ+47EP3iRdP6nztFNt/2dDN/b4kFUxg5hxFErSPSOp1jQYdBoKxM7
ymh7ttgTIY0gyT7IgV/CDe0h/3CU2J1NdVqoEiRS1BGBfD3OPv8n/+vN0sz9vjks
wApKQskb83w=
=m8I5
-----END PGP SIGNATURE-----