Date: Thu, 29 Mar 2001 13:58:25 +0200
From: [email protected]
To: [email protected]Subject: Trustix Security Advisory #2001-0002 - OpenSSH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0002
Package name: OpenSSH
Severity: Possible to determine password length
Date: 2001-03-29
Affected versions: TSL 1.01, 1.1, 1.2
- --------------------------------------------------------------------------
Problem description:
From the release notes of Portable OpenSSH-2.5.2p2:
Security related changes:
Improved countermeasure against "Passive Analysis of SSH
(Secure Shell) Traffic"
http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
The countermeasures introduced in earlier OpenSSH-2.5.x versions
caused interoperability problems with some other implementations.
Improved countermeasure against "SSH protocol 1.5 session
key recovery vulnerability"
http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm
Action:
We recommend all systems which has this package installed to be upgraded.
Location:
All TSL updates are available from
<URL:http://www.trusix.net/pub/Trustix/updates/>;
<URL:ftp://ftp.trusix.net/pub/Trustix/updates/>;
Users of the SWUP tool, can enjoy having the security updates
automatically installed using 'swup --upgrade'.
Get SWUP from:
ftp://ftp.trustix.net/pub/Trustix/software/swup/
Questions?
Check out our mailinglists:
http://www.trustix.net/support/
Verification:
This advisory is signed with the TSL sign key. It is available from:
http://www.trustix.net/TSL-GPG-KEY
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6wyAzwRTcg4BxxS0RAodOAJ9G9BtOZaTpzYpbSkJDhXqKEn2ySwCfSXtq
52GvTRB1mSqAg+8difECgQk=
=MEis
-----END PGP SIGNATURE-----
--
Trustix Secure Linux Advisor
Homepage: http://www.trustix.net/
Errata: http://www.trustix.net/errata/
Automatic updates: http://www.trustix.net/pub/Trustix/software/swup/
