|
DESCRIPTION Updated OpenSSH packages are now available that fix a bug that may be remotely exploitable. Updated 17 Sep 2003] Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to these additional issues. We have also included fixes from Solar Designer for some additional memory bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0682 to these issues. OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions. The OpenSSH team has announced a bug which affects the OpenSSH buffer handling code. This bug has the potential of being remotely exploitable. All users of OpenSSH should immediately apply this update which contains a backported fix for this issue. SOLUTION Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help. Notice: The optional "askpass" and "askpass-gnome" packages have not been built, as I doubt anybody actually uses them on a NetWinder. If you do have these installed, the rpm upgrade will complain about them. You can safely remove those packages first and then do the upgrade cleanly. Required packages for dm-3.1-15 and OfficeServer: ftp://ftp.netwinder.org/pub/netwinder/updates/3.1-15/armv4l/openssh-3.5p1-11_nw1.armv4l.rpm Required packages for dm-3.9-28: ftp://ftp.netwinder.org/pub/netwinder/updates/3.9-28/armv4l/openssh-3.5p1-11_nw1.armv4l.rpm Required packages for nw-9: ftp://ftp.netwinder.org/pub/netwinder/updates/nw-9/armv4l/openssh-3.5p1-11.armv4l.rpm REFERENCES http://rhn.redhat.com/errata/RHSA-2003-279.html |