RHN Errata Alert: Updated OpenSSH packages fix

A

Admin

Guest
Security Advisory - RHSA-2003:279-17
------------------------------------------------------------------------------
Summary:
Updated OpenSSH packages fix potential vulnerabilities

Updated OpenSSH packages are now available that fix bugs that may be
remotely exploitable.

[Updated 17 Sep 2003]
Updated packages are now available to fix additional buffer manipulation
problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to
these additional issues.

We have also included fixes from Solar Designer for some additional memory
bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0682 to these issues.

Description:
OpenSSH is a suite of network connectivity tools that can be used to
establish encrypted connections between systems on a network and can
provide interactive login sessions and port forwarding, among other functions.

The OpenSSH team has announced a bug which affects the OpenSSH buffer
handling code. This bug has the potential of being remotely exploitable.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0693 to this issue.

All users of OpenSSH should immediately apply this update which contains a
backported fix for this issue.

References:
http://www.openssh.com/txt/buffer.adv
------------------------------------------------------------------------------
 
Top