| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 17/Sep/2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 17/Sep/2003
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) openssh -> Buffer management errors
===========================================================
* openssh -> Buffer management errors
===========================================================
More information :
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools
that increasing numbers of people on the Internet are coming to rely on.
All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors.
Impact :
This vulnerability may allow a remote attacker to execute arbitrary code.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 02cd195471b275f6b8cb5d5e81e12f6e
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
193036 59445c9e3ade3b20305bc250125b9443
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
33434 0f90ff6a6e5363a76ed79d3da08c64f7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i586.rpm
14673 530ebfc4041d38112b65dcd2173a2421
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
215841 d754024163ce1e6ee04d2578753f0c21
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
231111 58113eec0703f3d147dc3a4d7d5393b4
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 25971e9e5743a93901a0cbf930ebd080
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
193015 28b9aed67c3c9ef0054e5e420e3ea5d7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
33432 1530b207ec2d8e85668471660e71e41d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
215933 9086039fb1d459ac0921c5ece24c6486
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
231110 20d6f2839d4ccb0a818fefa6b6393325
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 4305414497e7e3489ada142e41c5f703
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
188813 65f26185e001aa075a52d7d4383d1363
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
32944 50f4d9c7adfb8706ae66c71987dbd041
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
209536 dfa3bc5d0b9976f1aae94a03dc28cd5f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
223229 93b98fa6432f9238243c3f116b9efc10
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 4b558bad9b81322edf8ac49508f42826
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
188806 c71a45531224e11477666c9ff56688d6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
32948 6d84710cb7306692e82022dda5fe50f4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
209570 008a86e2bf50ec0cf62771fa6bda834f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
223224 3beb7d1854870f4b8cc86523fe39fedb
<Turbolinux Server 6.5>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 1fc5269641d8904819a6dc9f35f9bba9
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
211400 c1b702a69363937d65fdf69b1abc85d9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-askpass-3.7.1p1-4.i386.rpm
32673 75b7e850dacfece3bcd05d2bc67fe8b8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
242262 f3865946c8dbd5bf641272117dd1ff4a
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
255627 2af41c03de7763e9abc4e0d73f5642c6
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 5633eb4611fd4613ef0eff3769dcaaff
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
211318 936e47da80580d20effb6bc1482dcf37
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-3.7.1p1-4.i386.rpm
32649 d860b524bfa483196cfb4fe88f5fead1
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i386.rpm
14339 f383aace6a75a8a3b16beb124fceee73
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
242210 219ed0479b17038aa2e473399f60b9e7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
255609 92fb6a28e5d787b3f768df8568a30332
<Turbolinux Server 6.1>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 71f1c814bfde6b73c563168fd1a5affd
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
211337 a10b024543c04e490461776e2bbdbb29
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i386.rpm
14340 8c268657f1b2481a7f506775978e68d4
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
242210 25f186534e651b3ab70b33b38631ce13
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
255576 dd79075a3a00142664b6ec55f79e0de8
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
840278 522fa52683b073b40d92eaba5b313c46
Binary Packages
Size : MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
211326 0b174b2b77e96b5197e5936a605cc4b8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-3.7.1p1-4.i386.rpm
32655 63e288827126854bcdb50e2873a0852b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i386.rpm
14336 b62d1e216a47aac58713e780fbc10569
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
242225 77fe97cd19d4d6aac38887e1baa6f61c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
255578 aa3ed0646f90fece290672f737e206a4
Notice :
After performing the update, it is necessary to restart the sshd secure shell daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/sshd restart
or
# /etc/rc.d/init.d/sshd restart
---------------------------------------------
References :
openssh-unix-announce
[OpenSSH 3.7 released]
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000062.html
[OpenSSH 3.7.1 released]
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000064.html
CERT Advisory
[CA-2003-24]
http://www.cert.org/advisories/CA-2003-24.html
CVE
[CAN-2003-0693]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
--------------------------------------------------------------------------
Revision History
17 Sep 2003 Initial release
--------------------------------------------------------------------------
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/aDdqK0LzjOqIJMwRAlmxAKCQQNsb82cWmZZZ8tcGRk5ZQl1cIgCfeYEB
NeIKPaK4pUiKC+CoZ8xYPN8=
=EtFU
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists