Linode Community Forums
 Post subject: OpenSSH security fix
PostPosted: Tue Sep 16, 2003 3:21 pm 
Linode Staff
Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
RedHat, Gentoo, and Debian (at least) contain a security vulnerability in OpenSSH which will allow someone to remotely execute code as root.

Red Hat's Errata Page:

https://rhn.redhat.com/errata/RHSA-2003-279.html

To upgrade, run the following commands (for Debian and RedHat)

apt-get update
apt-get install openssh

Please make sure your SSH daemons are either patched or upgraded.

Word,
-Chris


 Post subject: Re: OpenSSH security fix
PostPosted: Tue Sep 16, 2003 4:45 pm 
Senior Member

Joined: Sat Jun 28, 2003 12:02 am
Posts: 66
Website: http://kenny.aust.in
updates.redhdat.com wrote:
There are too many connected users, please try later.

weeee......

Has anyone ever used lsh? I'd really like to quit running openssh as these types of problems seem to be pretty common. I wish Dan Bernstein would write an ssh server :lol:

Kenny


 Post subject: SSH again
PostPosted: Wed Sep 17, 2003 8:30 am 
Senior Newbie

Joined: Wed Jul 02, 2003 6:46 am
Posts: 13
Location: UK
Depending on when you followed Chris' instructions regarding yesterday's vulnerability, you may need to upgrade SSH again:

Quote:
- ------------------------------------------------------------------------
Debian Security Advisory DSA-382-2 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
September 17, 2003
- ------------------------------------------------------------------------
Package : ssh
Vulnerability : buffer handling
Problem type : possible remote
Debian-specific: no
CVS references : CAN-2003-0693 CAN-2003-0695

This advisory is an addition to the earlier DSA-382-1 advisory: two more
buffer handling problems have been found in addition to the one
described in DSA-382-1. It is not known if these bugs are exploitable,
but as a precaution an upgrade is advised.

For the Debian stable distribution these bugs have been fixed in version
1:3.4p1-1.woody.2 .

Please note that if a machine is set up to install packages from
proposed-updates it will not automatically install this update.


 Post subject:
PostPosted: Wed Sep 17, 2003 8:19 pm 
Linode Staff
Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Sure enough, the Red Hat repository contains a newer version than the one from yesterday afternoon.

apt-get update
apt-get install openssh

Also note that I haven't updated the distros to contain these (and potentially other) security fixes. First thing out the door you should do with any new install is make sure it is up to date. (apt-get update; apt-get upgrade)

-Chris

