lug-bg: [Fwd: [SECURITY] [DSA-382-1] OpenSSH buffer management fix]
- Subject: lug-bg: [Fwd: [SECURITY] [DSA-382-1] OpenSSH buffer management fix]
- From: Ivan Dimitrov <dobber@xxxxxxxxxx>
- Date: Wed, 17 Sep 2003 13:35:59 +0300
- Organization: root of all evil
i sid i woody versiite na debian sa updatenati s fixnat ssh.
-----Forwarded Message-----
> From: Wichert Akkerman <wichert@xxxxxxxxx>
> To: debian-security-announce@xxxxxxxxxxxxxxxx
> Subject: [SECURITY] [DSA-382-1] OpenSSH buffer management fix
> Date: Tue, 16 Sep 2003 20:41:32 +0200
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-382-1 security@xxxxxxxxxx
> http://www.debian.org/security/ Wichert Akkerman
> September 16, 2003
> - ------------------------------------------------------------------------
>
>
> Package : ssh
> Vulnerability : buffer handling
> Problem type : possible remote
> Debian-specific: no
> CVS references : CAN-2003-0693
>
> A bug has been found in OpenSSH's buffer handling where a buffer could
> be marked as grown when the actual reallocation failed.
>
> This bug has been fixed in upstream version 3.7. For the Debian stable
> distribution this bug has eeb fixed in version 1:3.4p1-1.1 .
>
> Please note that if a machine is setup to install packages from
> proposed-updates it will not automatically install this update.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
> Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.1.diff.gz
> Size/MD5 checksum: 36506 9defe00f0297a22395b2f17e34bae852
> http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.1.dsc
> Size/MD5 checksum: 1338 8fc3790171311bcf8fe202edf884e000
>
> alpha architecture (DEC Alpha)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_alpha.deb
> Size/MD5 checksum: 849796 9125f955f4649ee1d8ec942b051f67e1
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_alpha.deb
> Size/MD5 checksum: 35724 93863e66e77fc7c6cca09636e01fce96
>
> arm architecture (ARM)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_arm.deb
> Size/MD5 checksum: 658012 21675964771355a0ae456fc5927245b2
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_arm.deb
> Size/MD5 checksum: 34958 6abebe99d34e7c4a1bbcddcffe50ca6e
>
> hppa architecture (HP PA RISC)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_hppa.deb
> Size/MD5 checksum: 35318 b3bc13ec29b99687e8165a8250695e3c
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_hppa.deb
> Size/MD5 checksum: 755464 100a06cde2e02486502fef1283777102
>
> i386 architecture (Intel ia32)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_i386.deb
> Size/MD5 checksum: 642460 ee27cd953e87b32e6b1c1b09fcdb7aa2
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_i386.deb
> Size/MD5 checksum: 35236 caf803cd286646300d68576724cf236a
>
> ia64 architecture (Intel ia64)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_ia64.deb
> Size/MD5 checksum: 36728 90006b98e1a29a9e631ee335f9596262
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_ia64.deb
> Size/MD5 checksum: 1002494 9bf4331e06a35a025ee8617fece7fa4c
>
> mips architecture (MIPS (Big Endian))
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_mips.deb
> Size/MD5 checksum: 35246 866ebeefc0d64307f78c0aa49f2eb470
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_mips.deb
> Size/MD5 checksum: 729782 67b72adc6041f24eeeb0d35cb37a27e6
>
> mipsel architecture (MIPS (Little Endian))
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_mipsel.deb
> Size/MD5 checksum: 35208 bf5051b7e2f41ce571f5161578db62f9
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_mipsel.deb
> Size/MD5 checksum: 727196 96122a4ac373f66b2218ec4febecff27
>
> m68k architecture (Motorola Mc680x0)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_m68k.deb
> Size/MD5 checksum: 35166 2f6b556a3c3a18ccf31933976ef48186
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_m68k.deb
> Size/MD5 checksum: 612346 c3e1ce4ce619862c24e62bf8f7563cff
>
> powerpc architecture (PowerPC)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_powerpc.deb
> Size/MD5 checksum: 34972 5365d9f0f7453f83046dd1b263f8824a
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_powerpc.deb
> Size/MD5 checksum: 681188 82564391d8b71424fc88a73587e1d33d
>
> s390 architecture (IBM S/390)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_s390.deb
> Size/MD5 checksum: 35604 a9d8674d50edb3b2fa4f1e1dca98e6cb
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_s390.deb
> Size/MD5 checksum: 717776 e2b5c973db52d0e97ba91627e983b7a0
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
> http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.1_sparc.deb
> Size/MD5 checksum: 35020 41ae03783324a20d395f6f4f8d5c5fb3
> http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.1_sparc.deb
> Size/MD5 checksum: 685856 b171caefecf060b28882d1fb95ae28d7
>
> - --
> - ----------------------------------------------------------------------------
> Debian Security team <team@xxxxxxxxxxxxxxxxxxx>
> http://www.debian.org/security/
> Mailing-List: debian-security-announce@xxxxxxxxxxxxxxxx
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQE/Z1lRPLiSUC+jvC0RAv+fAJ9CIsPyIGuAd6hFlycZTiD9VuOExQCgmQiA
> 8s6Qr7lnF0L5Rd24GON0TcM=
> =zpC2
> -----END PGP SIGNATURE-----
--
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|