Slackware alert: OpenSSH security problem fixed

Posted by dave on Mar 7, 2002 3:51 PM EDT
Mailing list
Mail this story
Print this story

New openssh packages are available to fix security problems.

New openssh packages are available to fix security problems.

Here's the information from the Slackware 8.0 ChangeLog:

---------------------------- Thu Mar 7 12:00:18 PST 2002 patches/packages/openssh.tgz: Upgraded to openssh-3.1p1.

This fixes a security problem in the openssh package. All sites running OpenSSH should upgrade immediately.

All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error in the channel code. OpenSSH 3.1 and later are not affected. This bug can be exploited locally by an authenticated user logging into a vulnerable OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH client. This bug was discovered by Joost Pol <>

(* Security fix *) ----------------------------

WHERE TO FIND THE NEW PACKAGE: ------------------------------ Updated openssh package for Slackware 8.0:

Updated openssh package for Slackware -current:

MD5 SIGNATURE: --------------

Here is the md5sum for the package:

Slackware 8.0: 1db0be2661cc1640aaa5797f9eb366db openssh.tgz

Slackware -current: d7686a09c398a76b0d0638c8dae615ef openssh-3.1p1-i386-1.tgz

INSTALLATION INSTRUCTIONS: --------------------------

First, stop sshd: # /etc/rc.d/rc.sshd stop

Next, upgrade to the new openssh.tgz package: # upgradepkg openssh.tgz

Finally, restart sshd: # /etc/rc.d/rc.sshd start

Remember, it's also a good idea to backup configuration files before upgrading packages.

- Slackware Linux Security Team

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.