lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200309242233.06926.security-announce@turbolinux.co.jp>
From: security-announce at turbolinux.co.jp (Turbolinux)
Subject: [TURBOLINUX SECURITY INFO] 24/Sep/2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 24/Sep/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) openssh -> Multiple PAM vulnerabilities in portable OpenSSH


===========================================================
* openssh -> Multiple PAM vulnerabilities in portable OpenSSH
===========================================================

More information :
    OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools
    that increasing numbers of people on the Internet are coming to rely on. 
    Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities
    in the new PAM code.

 Impact :
    This vulnerability may allow a remote attacker to execute arbitrary code.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0


 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 28e1c71d64011fdeb6890bd1d8804388

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       194122 9a47b953d0e74bfa79a9c1f43f71dc0b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33827 dd95b2007be192ee180fa1ebf9a88507
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i586.rpm
        15063 773ec94a46423affa6f2fcfa7eb2bf69
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       216067 a564350ed7e95eae22c67f93dc257a7d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       232433 e5190c2645f2434bcdd8efaaf4380a6c

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 9b3681f7e3b5d46476f9b2dadbf656d6

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       194125 72f3152f1a0d92b008656484e52721a4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33851 1e24e132581470557f0298c49c1c3911
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       216079 b33a5ac4e3e955aa20bfb1597d72678c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       232441 3b100ecab1d481348b2d9c34bc13eefd

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 5b7552ce227d1fa6e31164dfd74fe579

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       189907 91aa0affe5082af3a66c8d4e5d2c577e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33396 2755d5054107224c792cffce76cd886c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       209945 352a3c633c8f743475cb9a31a81f7d2d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       224672 05227a78e45e52c5188719e8431877ef

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 0cf920c645518accdd6d1369d5902fca

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       189890 138e1ba2457c3bd1b23fadb3723b2e5b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33390 b9f74e65f3a22c8bf97b374d4ae4f5c7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       209892 dab0ba262edcbaf7de1c380f163a7475
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       224652 74f5869f1ed88d43f1f04de91a8312c4

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 b83358d4ddc0e16c0971ea11044c532b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212515 5c62cd0702ef1f0d17beb453063ae00d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
        33089 c8c9718c5eefbc43b3117677d891b07f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242671 1af40c215cd0a70a9dea6604aeff7a6a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256928 70b46c9f15a3f89f40a9ef29415a7737

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 9d91a813f8000917735ae48e17111ca1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212519 16a6bd62fbb4b552b373934e383ae77e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
        33052 60e792b20c88e9a72269f8228f097927
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
        14745 a9b3b17c787aedc36de18e5fb8e7386c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242660 9784f16ae31a3b60c9f4816a47097419
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256937 2d9143191ee571ce825cfa7b2328d798

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 c1c1d4080e488c7268e3d07d93721e54

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212493 a3303ce5d8840e9dea2d37953aed1533
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
        14746 9719a5b46e279e51f79f2d62d9f2e486
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242653 1ad928affe945c9f4ed16a88fd50d27c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256900 20678d3a42f343f719ee5714935b7145

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 7ab6a9ff0498668f34d5808765241c24

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212455 91b1c2bac21f19fcf164ace0cb35738a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
        33059 9c0cbfc3c6e95c93bf46ce4ce5b46647
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
        14741 f7f2f56a8926f035f7a88a0056b59fd7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242573 4ac5947c8216e9126a86b6e817a42636
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256873 12261912bdd5ede5abcbbd868f936ffe


 Notice :
    After performing the update, it is necessary to restart the sshd secure shell daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/sshd restart
 or
 # /etc/rc.d/init.d/sshd restart
 ---------------------------------------------


 References :

 OpenSSH Security Advisory
   [Portable OpenSSH Security Advisory: sshpam.adv]
   http://www.openssh.com/txt/sshpam.adv

 openssh-unix-announce
   [Multiple PAM vulnerabilities in portable OpenSSH]
   http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000068.html

 CVE
   [CAN-2003-0682]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

 Turbolinux Security Advisory
   [TLSA-2003-51]
   http://www.turbolinux.com/security/TLSA-2003-51.txt


 --------------------------------------------------------------------------
 Revision History
    24 Sep 2003 Initial release
 --------------------------------------------------------------------------


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@...bolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@...bolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/cZ0NK0LzjOqIJMwRAkS3AJsGtRi1QFl5vBginyoaGgPUy3GzDQCgtQH+
d7cm7WRRif3u1VaFh6xfW2o=
=JtIU
-----END PGP SIGNATURE-----




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ