Updated OpenSSH packages are now available that fix a bug that may be remotely exploitable.
Updated 17 Sep 2003] Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to these additional issues.
We have also included fixes from Solar Designer for some additional memory bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0682 to these issues.
OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions.
The OpenSSH team has announced a bug which affects the OpenSSH buffer handling code. This bug has the potential of being remotely exploitable.
All users of OpenSSH should immediately apply this update which contains a backported fix for this issue.
Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help.
Notice: The optional "askpass" and "askpass-gnome" packages have not been built, as I doubt anybody actually uses them on a NetWinder. If you do have these installed, the rpm upgrade will complain about them. You can safely remove those packages first and then do the upgrade cleanly.
Required packages for dm-3.1-15 and OfficeServer:
Required packages for dm-3.9-28:
Required packages for nw-9: