Message-ID: <200309242233.06926.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 24/Sep/2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 24/Sep/2003
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) openssh -> Multiple PAM vulnerabilities in portable OpenSSH
===========================================================
* openssh -> Multiple PAM vulnerabilities in portable OpenSSH
===========================================================
More information :
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools
that increasing numbers of people on the Internet are coming to rely on.
Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities
in the new PAM code.
Impact :
This vulnerability may allow a remote attacker to execute arbitrary code.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use the turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 28e1c71d64011fdeb6890bd1d8804388
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
194122 9a47b953d0e74bfa79a9c1f43f71dc0b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33827 dd95b2007be192ee180fa1ebf9a88507
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i586.rpm
15063 773ec94a46423affa6f2fcfa7eb2bf69
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
216067 a564350ed7e95eae22c67f93dc257a7d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
232433 e5190c2645f2434bcdd8efaaf4380a6c
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 9b3681f7e3b5d46476f9b2dadbf656d6
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
194125 72f3152f1a0d92b008656484e52721a4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33851 1e24e132581470557f0298c49c1c3911
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
216079 b33a5ac4e3e955aa20bfb1597d72678c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
232441 3b100ecab1d481348b2d9c34bc13eefd
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 5b7552ce227d1fa6e31164dfd74fe579
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
189907 91aa0affe5082af3a66c8d4e5d2c577e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33396 2755d5054107224c792cffce76cd886c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
209945 352a3c633c8f743475cb9a31a81f7d2d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
224672 05227a78e45e52c5188719e8431877ef
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 0cf920c645518accdd6d1369d5902fca
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
189890 138e1ba2457c3bd1b23fadb3723b2e5b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33390 b9f74e65f3a22c8bf97b374d4ae4f5c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
209892 dab0ba262edcbaf7de1c380f163a7475
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
224652 74f5869f1ed88d43f1f04de91a8312c4
<Turbolinux Server 6.5>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 b83358d4ddc0e16c0971ea11044c532b
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212515 5c62cd0702ef1f0d17beb453063ae00d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
33089 c8c9718c5eefbc43b3117677d891b07f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242671 1af40c215cd0a70a9dea6604aeff7a6a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256928 70b46c9f15a3f89f40a9ef29415a7737
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 9d91a813f8000917735ae48e17111ca1
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212519 16a6bd62fbb4b552b373934e383ae77e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
33052 60e792b20c88e9a72269f8228f097927
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
14745 a9b3b17c787aedc36de18e5fb8e7386c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242660 9784f16ae31a3b60c9f4816a47097419
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256937 2d9143191ee571ce825cfa7b2328d798
<Turbolinux Server 6.1>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 c1c1d4080e488c7268e3d07d93721e54
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212493 a3303ce5d8840e9dea2d37953aed1533
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
14746 9719a5b46e279e51f79f2d62d9f2e486
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242653 1ad928affe945c9f4ed16a88fd50d27c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256900 20678d3a42f343f719ee5714935b7145
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 7ab6a9ff0498668f34d5808765241c24
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212455 91b1c2bac21f19fcf164ace0cb35738a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
33059 9c0cbfc3c6e95c93bf46ce4ce5b46647
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
14741 f7f2f56a8926f035f7a88a0056b59fd7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242573 4ac5947c8216e9126a86b6e817a42636
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256873 12261912bdd5ede5abcbbd868f936ffe
Notice :
After performing the update, it is necessary to restart the sshd secure shell daemon.
To do this, run the following command as user root.
---------------------------------------------
# /etc/init.d/sshd restart
or
# /etc/rc.d/init.d/sshd restart
---------------------------------------------
References :
OpenSSH Security Advisory
[Portable OpenSSH Security Advisory: sshpam.adv]
http://www.openssh.com/txt/sshpam.adv
openssh-unix-announce
[Multiple PAM vulnerabilities in portable OpenSSH]
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000068.html
CVE
[CAN-2003-0682]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682
Turbolinux Security Advisory
[TLSA-2003-51]
http://www.turbolinux.com/security/TLSA-2003-51.txt
--------------------------------------------------------------------------
Revision History
24 Sep 2003 Initial release
--------------------------------------------------------------------------
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to change your email address in this mailing list,
you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/cZ0NK0LzjOqIJMwRAkS3AJsGtRi1QFl5vBginyoaGgPUy3GzDQCgtQH+
d7cm7WRRif3u1VaFh6xfW2o=
=JtIU
-----END PGP SIGNATURE-----
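An added example, not part of the Turbolinux advisory: a parser for the package listing layout used above (a URL line followed by a "size MD5" line under each `<product>` heading) that checks a downloaded file against the entry for its own product, since the same file name carries a different size and digest under each product. The sample text, host name and function names are constructed for illustration, and the listed values are only as trustworthy as the PGP signature on the message that carries them.

```python
import hashlib
import os
import re

# Constructed sample in the advisory's layout; the host, file name and
# digest are made up for this example (the digest is MD5 of b"hello world").
SAMPLE = """\
<Example Product>
Binary Packages
Size : MD5
ftp://ftp.example.invalid/updates/RPMS/demo-1.0-1.i586.rpm
11 5eb63bbbe01eeed093cb22bb8f5acdc3
"""

PRODUCT_RE = re.compile(r"^<([^<>@]+)>$")  # skips <user@host> addresses
URL_RE = re.compile(r"^(?:ftp|https?)://\S+/(\S+\.rpm)$")
SUM_RE = re.compile(r"^(\d+)\s+([0-9a-f]{32})$")


def parse_manifest(text):
    """Return {(product, filename): (size, md5)} from advisory text."""
    manifest, product, pending = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if (m := PRODUCT_RE.match(line)):
            product, pending = m.group(1), None
        elif (m := URL_RE.match(line)):
            pending = m.group(1)
        elif (m := SUM_RE.match(line)) and pending:
            manifest[(product, pending)] = (int(m.group(1)), m.group(2))
            pending = None
        else:
            pending = None  # a size/MD5 line must directly follow its URL
    return manifest


def verify(path, product, manifest):
    """Check a file's size and MD5 against the entry for the given product."""
    entry = manifest.get((product, os.path.basename(path)))
    if entry is None:
        return "not-listed"
    size, md5 = entry
    if os.path.getsize(path) != size:
        return "size-mismatch"
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return "ok" if h.hexdigest() == md5 else "md5-mismatch"
```
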