From tsl@trustix.com Sun Jun 30 19:00:19 2002
From: Trustix Secure Linux Advisor
To: bugtraq@securityfocus.com
Date: Fri, 28 Jun 2002 14:06:50 +0200
Subject: TSL-2002-0059 - openssh

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0059

Package name:      openssh
Summary:           Remote root exploit
Date:              2002-06-28
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  A couple of bugs have been discovered in several versions of OpenSSH,
  including version 3.1p1, which is shipped with TSL.

  As later versions of OpenSSH introduce rather large changes in
  functionality and our public testing revealed a few issues not yet
  solved, we chose to apply the patches supplied by the OpenSSH project
  rather than upgrade to the latest version.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All TSL updates are available from

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:

Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at

Questions?
  Check out our mailing lists:

Verification:
  This advisory, along with all TSL packages, is signed with the TSL
  sign key.
  This key is available from:

  The advisory itself is available from the errata pages at
  and
  or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
918cd18ec576cf0f64a7249fa5a749a3  ./1.5/SRPMS/openssh-3.1.0p1-4tr.src.rpm
2a75912515a7751b06ee767f6691a3b7  ./1.5/RPMS/openssh-server-3.1.0p1-4tr.i586.rpm
b3a08640bf14499d41ce77eb18bfdc17  ./1.5/RPMS/openssh-clients-3.1.0p1-4tr.i586.rpm
f39806e0d245e16c8b5e7cb26720d68c  ./1.5/RPMS/openssh-3.1.0p1-4tr.i586.rpm
918cd18ec576cf0f64a7249fa5a749a3  ./1.2/SRPMS/openssh-3.1.0p1-4tr.src.rpm
f8f1e3ab0b66126d2c49492d4dfe546d  ./1.2/RPMS/openssh-server-3.1.0p1-4tr.i586.rpm
843c5da5188028f548eb17a100bfa918  ./1.2/RPMS/openssh-clients-3.1.0p1-4tr.i586.rpm
6cff92b54b57d72dfd045e99213a256e  ./1.2/RPMS/openssh-3.1.0p1-4tr.i586.rpm
918cd18ec576cf0f64a7249fa5a749a3  ./1.1/SRPMS/openssh-3.1.0p1-4tr.src.rpm
5e3a8a10ac5a1618ae537def9d8dab49  ./1.1/RPMS/openssh-server-3.1.0p1-4tr.i586.rpm
9940e111296858a59bc9b99205809cff  ./1.1/RPMS/openssh-clients-3.1.0p1-4tr.i586.rpm
19213bbb056c55cc581e99df97cf06ee  ./1.1/RPMS/openssh-3.1.0p1-4tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD4DBQE9HByswRTcg4BxxS0RAt+ZAJiWPaLvWRe+YKPVKbqIPOZkSOM0AJ9ZuybD
COzpDhfYUOIj45uLSeta9g==
=YCjW
-----END PGP SIGNATURE-----