Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[gentoo-announce] GLSA 200309-12: OpenSSH
View unanswered posts
View posts from last 24 hours

Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message

Joined: 07 Aug 2002
Posts: 7697
Location: Pelotas, BR

PostPosted: Wed Sep 17, 2003 8:50 pm    Post subject: [gentoo-announce] GLSA 200309-12: OpenSSH Reply with quote

- - -
- - -

PACKAGE : openssh
SUMMARY : buffer management error
DATE : 2003-09-16 22:53 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <=openssh-3.7_p1
FIXED VERSION : >=openssh-3.7.1_p1
CVE : CAN-2003-0693

- - -

quote from advisory:

"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management
error. It is uncertain whether this error is potentially
exploitable,however, we prefer to see bugs fixed proactively."

read the full advisory at:

This is a follow up advisory to indicate the further fixes have been
made. From the ChangeLog:

- (djm) OpenBSD Sync
- 2003/09/16 21:02:40
[buffer.c channels.c version.h]
more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU

(reported on by
Christian Rubbert <>)


It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.7.1_p1 as follows:

emerge sync
emerge openssh
emerge clean

- - --------------------------------------------------------------- - GnuPG key in signature below and on keyservers

Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux

Public Key:
Key fingerprint = 23A9 7CB5 9BBB 4F8D 549B 6593 EDA2 65D8 3458 780E
"I'm just very selective about the reality I choose to accept." -- Calvin
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum