Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           openssh
Advisory ID:            MDKSA-2003:090
Date:                   September 16th, 2003

Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2
________________________________________________________________________

Problem Description:

A buffer management error was discovered in all versions of openssh
prior to version 3.7.  According to the OpenSSH team's advisory:
"It is uncertain whether this error is potentially exploitable,
however, we prefer to see bugs fixed proactively."  There have also
been reports of an exploit in the wild.

MandrakeSoft encourages all users to upgrade to these patched openssh
packages immediately and to disable sshd until you are able to upgrade
if at all possible.
________________________________________________________________________

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
  http://www.kb.cert.org/vuls/id/333628
  http://www.openssh.com/txt/buffer.adv
________________________________________________________________________

Updated Packages:

Corporate Server 2.1:
5800ea0b5c436851c04e153a2d8b7706  corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
ca2a0c392a3b2400139b4bfbdd61121a  corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
51b4d8bcc2e3c92850dd29a41da1ecbc  corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm
dd421c26a2c1b5092cc1947394f87cfa  corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
933a01509877c76a2c16b4c129bd7bbe  corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
54299aeb96b49e1d8ef6a4dcc826eba1  corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

Corporate Server 2.1/x86_64:
5da7de9e35a314a9acc21ee0024c8a55  x86_64/corporate/2.1/RPMS/openssh-3.6.1p2-1.1.90mdk.x86_64.rpm
fb60f30f5241741ef2276d8616553a84  x86_64/corporate/2.1/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.x86_64.rpm
c41f38e43f87231c639f6a0fcbb2d065  x86_64/corporate/2.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.x86_64.rpm
c826364829aba4704f1b5435b4ab3319  x86_64/corporate/2.1/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.x86_64.rpm
7b4f9e6970d4bc7ef7ac55e7824247c6  x86_64/corporate/2.1/RPMS/openssh-server-3.6.1p2-1.1.90mdk.x86_64.rpm
54299aeb96b49e1d8ef6a4dcc826eba1  x86_64/corporate/2.1/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

Mandrake Linux 8.2:
eb32286108c21f58ac51d782151539b0  8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
0267fc6f4c0d893e435b7445fb9f6a23  8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.i586.rpm
69a090f67dd853d4e60f6905eeeadf20  8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.i586.rpm
96e50b6c68e657cc01911414e6836f73  8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
f52c7678f32ca9cde888068620fb375d  8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
f96f920c60fe9961f107605e60dc0697  8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm

Mandrake Linux 8.2/PPC:
14904d382bc45ae8346202bdc75ccee7  ppc/8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.ppc.rpm
8012ca8e133f76d0a7034945603f4e90  ppc/8.2/RPMS/openssh-askpass-3.6.1p2-1.1.82mdk.ppc.rpm
aa3658d57bacf80a2bc6750a832f7ff8  ppc/8.2/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.82mdk.ppc.rpm
683f8b21c9887f9160efa0cf7211caf0  ppc/8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.ppc.rpm
a919fcf54371e12ece94b84883cdf058  ppc/8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.ppc.rpm
f96f920c60fe9961f107605e60dc0697  ppc/8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm

Mandrake Linux 9.0:
5800ea0b5c436851c04e153a2d8b7706  9.0/RPMS/openssh-3.6.1p2-1.1.90mdk.i586.rpm
ca2a0c392a3b2400139b4bfbdd61121a  9.0/RPMS/openssh-askpass-3.6.1p2-1.1.90mdk.i586.rpm
51b4d8bcc2e3c92850dd29a41da1ecbc  9.0/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.90mdk.i586.rpm
dd421c26a2c1b5092cc1947394f87cfa  9.0/RPMS/openssh-clients-3.6.1p2-1.1.90mdk.i586.rpm
933a01509877c76a2c16b4c129bd7bbe  9.0/RPMS/openssh-server-3.6.1p2-1.1.90mdk.i586.rpm
54299aeb96b49e1d8ef6a4dcc826eba1  9.0/SRPMS/openssh-3.6.1p2-1.1.90mdk.src.rpm

Mandrake Linux 9.1:
b428536c41761ef1295a5c424fe7090f  9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.i586.rpm
6b0f784e9a9eb0a5f81682cfed347533  9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.i586.rpm
1de0d5a790a8b049d936a66f9cbef637  9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.i586.rpm
8be79fe54ec8fa4e6e262747b9a266f6  9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.i586.rpm
43c07ba3f3f4ba38f5d215dc1e62b19d  9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.i586.rpm
6c50e55e209175d774c39512e31da4ff  9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
cea0afcd1c654e52eaeafde47e0b9cdd  ppc/9.1/RPMS/openssh-3.6.1p2-1.1.91mdk.ppc.rpm
937cafe7c1d2bc005bde44157a3ce32a  ppc/9.1/RPMS/openssh-askpass-3.6.1p2-1.1.91mdk.ppc.rpm
b96a79881c74002e80088e73b0b5420a  ppc/9.1/RPMS/openssh-askpass-gnome-3.6.1p2-1.1.91mdk.ppc.rpm
c11f8f2648eda9d127f7cbf4e20dd768  ppc/9.1/RPMS/openssh-clients-3.6.1p2-1.1.91mdk.ppc.rpm
65761615af545350699e27771761acd0  ppc/9.1/RPMS/openssh-server-3.6.1p2-1.1.91mdk.ppc.rpm
6c50e55e209175d774c39512e31da4ff  ppc/9.1/SRPMS/openssh-3.6.1p2-1.1.91mdk.src.rpm

Multi Network Firewall 8.2:
eb32286108c21f58ac51d782151539b0  mnf8.2/RPMS/openssh-3.6.1p2-1.1.82mdk.i586.rpm
96e50b6c68e657cc01911414e6836f73  mnf8.2/RPMS/openssh-clients-3.6.1p2-1.1.82mdk.i586.rpm
f52c7678f32ca9cde888068620fb375d  mnf8.2/RPMS/openssh-server-3.6.1p2-1.1.82mdk.i586.rpm
f96f920c60fe9961f107605e60dc0697  mnf8.2/SRPMS/openssh-3.6.1p2-1.1.82mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/Z3GlmqjQ0CJFipgRApLpAKD23mpcVC6S4b4N7EhgXHGGGh0jGQCeIfDv
BFTVF9HpTYKL8xAl2ua7fm4=
=sBfV
-----END PGP SIGNATURE-----