Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Wave: 21th Century Terminal Emulator Designed for Gen Z

LXer Features

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Laptop Dual Boot Project: Part 2

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

This is really cool, and a big deal for Linux too.

My RSS reader can't find LXer's feed

A great and free Task Manager plus!

I have some ideas..

Install of HYPRLAND on Arch Cosmic (ML4W 2.9.6.1-1) via Paru

Please add https to lxer.com

Why are flatpaks so HUGE?

So Microsft gets to decide?

All that's great, but.....

Setup COSMIC DE on Manjaro in batch mode via yay

More...

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Slackware alert: OpenSSH security problem fixed

Posted by dave on Mar 7, 2002 3:51 PM EDT
Mailing list

Mail this story
Print this story

New openssh packages are available to fix security problems.

New openssh packages are available to fix security problems.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Thu Mar  7 12:00:18 PST 2002
patches/packages/openssh.tgz:  Upgraded to openssh-3.1p1.

  This fixes a security problem in the openssh package.  All sites running
  OpenSSH should upgrade immediately.

  All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error
  in the channel code.  OpenSSH 3.1 and later are not affected.  This bug can
  be exploited locally by an authenticated user logging into a vulnerable
  OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH
  client.  This bug was discovered by Joost Pol <joost@pine.nl>

(* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated openssh package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/openssh.tgz

Updated openssh package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/openssh-3.1p1/packages/openssh-3.1p1-i386-1.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 8.0:
1db0be2661cc1640aaa5797f9eb366db  openssh.tgz

Slackware -current:
d7686a09c398a76b0d0638c8dae615ef  openssh-3.1p1-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, stop sshd:
# /etc/rc.d/rc.sshd stop

Next, upgrade to the new openssh.tgz package:
# upgradepkg openssh.tgz

Finally, restart sshd:
# /etc/rc.d/rc.sshd start


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software