[svlug] [bugzilla@redhat.com: [RHSA-2002:127-18] Updated OpenSSH packages fix various security issues]

Bruce O. Benson benson at tux.org
Mon Jul 1 20:08:58 PDT 2002


People who aren't on Red Hat's bug list had a fix for this 3 days earlier...

http://www.debian.org/security/2002/dsa-134

BB.
-- 
Bruce O. Benson, Co-Chair,
NovaLUG Security SIG.
mailto:benson at tux.org  |  http://novalug.tux.org

On Thu, 27 Jun 2002, Drew Bertola wrote:
>

> I thought people who aren't on Red Hat's bug list might like to see
> this...
> ----- Forwarded message from bugzilla at redhat.com -----
>
> Subject: [RHSA-2002:127-18] Updated OpenSSH packages fix various security issues
> From: bugzilla at redhat.com
> To: redhat-watch-list at redhat.com
> Cc: bugtraq at securityfocus.com, linux-security at redhat.com
> Date: Thu, 27 Jun 2002 17:47 -0400
>
> ---------------------------------------------------------------------
>                    Red Hat, Inc. Red Hat Security Advisory
>
> Synopsis:          Updated OpenSSH packages fix various security issues
> Advisory ID:       RHSA-2002:127-18
> Issue date:        2002-06-24
> Updated on:        2002-06-27
> Product:           Red Hat Linux
> Keywords:          security pam openssh ChallengeResponseAuthentication
> Cross references:
> Obsoletes:         RHSA-2002:043
>
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> Updated openssh packages are now available for Red Hat Linux 7, 7.1, 7.2,
> and 7.3.  These updates fix an input validation error in OpenSSH.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 7.0 - alpha, i386
>
> Red Hat Linux 7.1 - alpha, i386, ia64
>
> Red Hat Linux 7.2 - i386, ia64
>
> Red Hat Linux 7.3 - i386
>
> 3. Problem description:
>
> OpenSSH provides an implementation of the SSH (secure shell) protocol used
> for logging into and executing commands on remote machines.
>
> Versions of the OpenSSH server between 2.3.1 and 3.3 contain an input
> validation error that can result in an integer overflow and privilege
> escalation.
>
> At this time, Red Hat does not believe that the default installation of
> OpenSSH on Red Hat Linux is vulnerable to this issue; however a user would
> be vulnerable if the configuration option "PAMAuthenticationViaKbdInt" is
> enabled in the sshd configuration file (it is not enabled by default).
>
> We have applied the security fix provided by the OpenSSH team to these
> errata packages which are based on OpenSSH 3.1p1.  This should minimize the
> impact of upgrading to our errata packages.
>
> All users of OpenSSH should update to these errata packages which are not
> vulnerable to this issue.
>
> 4. Solution:
>
> Before applying this update, make sure all previously released errata
> relevant to your system have been applied.
>
> To update all RPMs for your particular architecture, run:
>
> rpm -Fvh [filenames]
>
> where [filenames] is a list of the RPMs you wish to upgrade.  Only those
> RPMs which are currently installed will be updated.  Those RPMs which are
> not installed but included in the list will not be updated.  Note that you
> can also use wildcards (*.rpm) if your current directory *only* contains
> the desired RPMs.
>
> Please note that this update is also available via Red Hat Network.  Many
> people find this an easier way to apply updates.  To use Red Hat Network,
> launch the Red Hat Update Agent with the following command:
>
> up2date
>
> This will start an interactive process that will result in the appropriate
> RPMs being upgraded on your system.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
>
>
> 6. RPMs required:
>
> Red Hat Linux 7.0:
>
> SRPMS:
> ftp://updates.redhat.com/7.0/en/os/SRPMS/openssh-3.1p1-5.src.rpm
>
> alpha:
> ftp://updates.redhat.com/7.0/en/os/alpha/openssh-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.0/en/os/alpha/openssh-askpass-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.0/en/os/alpha/openssh-askpass-gnome-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.0/en/os/alpha/openssh-clients-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.0/en/os/alpha/openssh-server-3.1p1-5.alpha.rpm
>
> i386:
> ftp://updates.redhat.com/7.0/en/os/i386/openssh-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/openssh-askpass-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/openssh-askpass-gnome-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/openssh-clients-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.0/en/os/i386/openssh-server-3.1p1-5.i386.rpm
>
> Red Hat Linux 7.1:
>
> SRPMS:
> ftp://updates.redhat.com/7.1/en/os/SRPMS/openssh-3.1p1-5.src.rpm
>
> alpha:
> ftp://updates.redhat.com/7.1/en/os/alpha/openssh-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.1/en/os/alpha/openssh-askpass-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.1/en/os/alpha/openssh-askpass-gnome-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.1/en/os/alpha/openssh-clients-3.1p1-5.alpha.rpm
> ftp://updates.redhat.com/7.1/en/os/alpha/openssh-server-3.1p1-5.alpha.rpm
>
> i386:
> ftp://updates.redhat.com/7.1/en/os/i386/openssh-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-gnome-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.1/en/os/i386/openssh-clients-3.1p1-5.i386.rpm
> ftp://updates.redhat.com/7.1/en/os/i386/openssh-server-3.1p1-5.i386.rpm
>
> ia64:
> ftp://updates.redhat.com/7.1/en/os/ia64/openssh-3.1p1-5.ia64.rpm
> ftp://updates.redhat.com/7.1/en/os/ia64/openssh-askpass-3.1p1-5.ia64.rpm
> ftp://updates.redhat.com/7.1/en/os/ia64/openssh-askpass-gnome-3.1p1-5.ia64.rpm
> ftp://updates.redhat.com/7.1/en/os/ia64/openssh-clients-3.1p1-5.ia64.rpm
> ftp://updates.redhat.com/7.1/en/os/ia64/openssh-server-3.1p1-5.ia64.rpm
>
> Red Hat Linux 7.2:
>
> SRPMS:
> ftp://updates.redhat.com/7.2/en/os/SRPMS/openssh-3.1p1-6.src.rpm
>
> i386:
> ftp://updates.redhat.com/7.2/en/os/i386/openssh-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-gnome-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/openssh-clients-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.2/en/os/i386/openssh-server-3.1p1-6.i386.rpm
>
> ia64:
> ftp://updates.redhat.com/7.2/en/os/ia64/openssh-3.1p1-6.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-3.1p1-6.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-6.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/openssh-clients-3.1p1-6.ia64.rpm
> ftp://updates.redhat.com/7.2/en/os/ia64/openssh-server-3.1p1-6.ia64.rpm
>
> Red Hat Linux 7.3:
>
> SRPMS:
> ftp://updates.redhat.com/7.3/en/os/SRPMS/openssh-3.1p1-6.src.rpm
>
> i386:
> ftp://updates.redhat.com/7.3/en/os/i386/openssh-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/openssh-askpass-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/openssh-askpass-gnome-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/openssh-clients-3.1p1-6.i386.rpm
> ftp://updates.redhat.com/7.3/en/os/i386/openssh-server-3.1p1-6.i386.rpm
>
>
>
> 7. Verification:
>
> MD5 sum                          Package Name
> --------------------------------------------------------------------------
> d1f19327b85cddfbcf3167b3374842a7 7.0/en/os/SRPMS/openssh-3.1p1-5.src.rpm
> f6176399bd232630f8bb517d8f4dd42e 7.0/en/os/alpha/openssh-3.1p1-5.alpha.rpm
> 92807b7217c777dda6b9a43dbe7ce7fd 7.0/en/os/alpha/openssh-askpass-3.1p1-5.alpha.rpm
> 9eea8c2d710290d4d7425c03aef26d2e 7.0/en/os/alpha/openssh-askpass-gnome-3.1p1-5.alpha.rpm
> d3f22ca75eb56ac35f0084b5f25df3cb 7.0/en/os/alpha/openssh-clients-3.1p1-5.alpha.rpm
> 8f7553265365190f8714ff67a94af972 7.0/en/os/alpha/openssh-server-3.1p1-5.alpha.rpm
> ea1910c305cd61e437271885280d5268 7.0/en/os/i386/openssh-3.1p1-5.i386.rpm
> db93fb0988ce7408f7f77a4589fd85b2 7.0/en/os/i386/openssh-askpass-3.1p1-5.i386.rpm
> 998bb0b0e59a864d5156ec6c7e2a667f 7.0/en/os/i386/openssh-askpass-gnome-3.1p1-5.i386.rpm
> 3071cba22fb9d00ea74275ddd6849e07 7.0/en/os/i386/openssh-clients-3.1p1-5.i386.rpm
> 4cb070808101c4f24cf892782556f734 7.0/en/os/i386/openssh-server-3.1p1-5.i386.rpm
> d1f19327b85cddfbcf3167b3374842a7 7.1/en/os/SRPMS/openssh-3.1p1-5.src.rpm
> f6176399bd232630f8bb517d8f4dd42e 7.1/en/os/alpha/openssh-3.1p1-5.alpha.rpm
> 92807b7217c777dda6b9a43dbe7ce7fd 7.1/en/os/alpha/openssh-askpass-3.1p1-5.alpha.rpm
> 9eea8c2d710290d4d7425c03aef26d2e 7.1/en/os/alpha/openssh-askpass-gnome-3.1p1-5.alpha.rpm
> d3f22ca75eb56ac35f0084b5f25df3cb 7.1/en/os/alpha/openssh-clients-3.1p1-5.alpha.rpm
> 8f7553265365190f8714ff67a94af972 7.1/en/os/alpha/openssh-server-3.1p1-5.alpha.rpm
> ea1910c305cd61e437271885280d5268 7.1/en/os/i386/openssh-3.1p1-5.i386.rpm
> db93fb0988ce7408f7f77a4589fd85b2 7.1/en/os/i386/openssh-askpass-3.1p1-5.i386.rpm
> 998bb0b0e59a864d5156ec6c7e2a667f 7.1/en/os/i386/openssh-askpass-gnome-3.1p1-5.i386.rpm
> 3071cba22fb9d00ea74275ddd6849e07 7.1/en/os/i386/openssh-clients-3.1p1-5.i386.rpm
> 4cb070808101c4f24cf892782556f734 7.1/en/os/i386/openssh-server-3.1p1-5.i386.rpm
> 76771fe005710068cf7e77304d8e8c2d 7.1/en/os/ia64/openssh-3.1p1-5.ia64.rpm
> c1f660a37ac295a9d7f76c18c4e39a97 7.1/en/os/ia64/openssh-askpass-3.1p1-5.ia64.rpm
> d3dba2c6749555920d33a2bbf5c34bc7 7.1/en/os/ia64/openssh-askpass-gnome-3.1p1-5.ia64.rpm
> b1fbb0c89efdb666ca834d73776caef3 7.1/en/os/ia64/openssh-clients-3.1p1-5.ia64.rpm
> 41a2988a28bc02ed2d7268fedec3656d 7.1/en/os/ia64/openssh-server-3.1p1-5.ia64.rpm
> 84d1b32febbd22bcc76d44d3d985cf0d 7.2/en/os/SRPMS/openssh-3.1p1-6.src.rpm
> a634222cd0d59ce1e9510323128fc34b 7.2/en/os/i386/openssh-3.1p1-6.i386.rpm
> 1d84ecee0666441698fe7686c2f5ac3f 7.2/en/os/i386/openssh-askpass-3.1p1-6.i386.rpm
> 7f568c333c7f15e2608b2adc134ad65a 7.2/en/os/i386/openssh-askpass-gnome-3.1p1-6.i386.rpm
> f7c7bcce4abd79c9604b0d43a7978cc1 7.2/en/os/i386/openssh-clients-3.1p1-6.i386.rpm
> c40ab32a22bac14625a845e342512785 7.2/en/os/i386/openssh-server-3.1p1-6.i386.rpm
> 892dd7540ed71c530949baf736a4e96d 7.2/en/os/ia64/openssh-3.1p1-6.ia64.rpm
> 8dc28e066ad28fb16d57319af0297d47 7.2/en/os/ia64/openssh-askpass-3.1p1-6.ia64.rpm
> 317f50806f05d91df9f7742c8b6b1297 7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-6.ia64.rpm
> e037c1229d3062c6ff3d2a5c022787dc 7.2/en/os/ia64/openssh-clients-3.1p1-6.ia64.rpm
> f067a362f3dd6b838476c93cfedc740a 7.2/en/os/ia64/openssh-server-3.1p1-6.ia64.rpm
> 84d1b32febbd22bcc76d44d3d985cf0d 7.3/en/os/SRPMS/openssh-3.1p1-6.src.rpm
> a634222cd0d59ce1e9510323128fc34b 7.3/en/os/i386/openssh-3.1p1-6.i386.rpm
> 1d84ecee0666441698fe7686c2f5ac3f 7.3/en/os/i386/openssh-askpass-3.1p1-6.i386.rpm
> 7f568c333c7f15e2608b2adc134ad65a 7.3/en/os/i386/openssh-askpass-gnome-3.1p1-6.i386.rpm
> f7c7bcce4abd79c9604b0d43a7978cc1 7.3/en/os/i386/openssh-clients-3.1p1-6.i386.rpm
> c40ab32a22bac14625a845e342512785 7.3/en/os/i386/openssh-server-3.1p1-6.i386.rpm
>
>
> These packages are GPG signed by Red Hat, Inc. for security.  Our key
> is available at:
>     http://www.redhat.com/about/contact/pgpkey.html
>
> You can verify each package with the following command:
>     rpm --checksig  <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>     rpm --checksig --nogpg <filename>
>
> 8. References:
>
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102510268109227
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102511867031136
>
>
>
> Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
>
>
>
> _______________________________________________
> Redhat-watch-list mailing list
> To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list
>
> ----- End forwarded message -----
>
>
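Two checks a practitioner would want to script before applying the errata above: whether the sshd configuration actually has the option the advisory names ("PAMAuthenticationViaKbdInt", off by default) turned on, and whether downloaded RPMs match the MD5 table in section 7. The script below is an added example written for this archive page; it is not Red Hat's tooling. The sshd_config text, the package names and the hashes in the sample table are constructed (the hashes are MD5 of "abc" and of an empty file, not the advisory's real values), so it runs offline. Matching the MD5 table only shows the files are the ones Red Hat listed; the GPG check the advisory gives (rpm --checksig) is still needed to tie them to Red Hat's key.

```python
"""Pre-update triage for RHSA-2002:127-18 (added example, not Red Hat's code)."""
import hashlib
import os
import re
import shutil
import tempfile

# Keyword the advisory names as the one that exposes the bug when set to yes.
VULNERABLE_OPTION = "pamauthenticationviakbdint"


def kbdint_enabled(sshd_config_text):
    """True if sshd_config enables the option the advisory names.

    sshd keywords are case-insensitive, '#' starts a comment, and for each
    keyword the first value found is the one sshd uses. Default is off.
    """
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == VULNERABLE_OPTION:
            return value == "yes"
    return False


def parse_md5_table(advisory_text):
    """Parse the 'MD5 sum  Package Name' table into {file basename: md5}.

    Leading mail quoting ('> ') is stripped so a forwarded copy parses too.
    """
    table = {}
    for line in advisory_text.splitlines():
        line = line.lstrip("> ").strip()
        m = re.match(r"^([0-9a-f]{32})\s+(\S+)$", line)
        if m:
            table[os.path.basename(m.group(2))] = m.group(1)
    return table


def md5_of_file(path):
    """MD5 hex digest of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(directory, table):
    """Check every *.rpm in directory against the advisory table.

    Returns {name: 'ok' | 'mismatch' | 'not-in-advisory'}.
    """
    results = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".rpm"):
            continue
        expected = table.get(name)
        if expected is None:
            results[name] = "not-in-advisory"
        elif md5_of_file(os.path.join(directory, name)) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


# Constructed sample table in the advisory's layout. Names and hashes are
# placeholders: 9001...f72 is MD5("abc"), d41d...27e is MD5 of an empty file.
SAMPLE_TABLE = """\
> MD5 sum                          Package Name
> --------------------------------------------------------------------------
> 900150983cd24fb0d6963f7d28e17f72 7.3/en/os/i386/example-server-1.0-1.i386.rpm
> d41d8cd98f00b204e9800998ecf8427e 7.3/en/os/i386/example-clients-1.0-1.i386.rpm
"""

# Constructed sshd_config fragment: commented-out default, option left off.
SAMPLE_SSHD_CONFIG = """\
Port 22
#PAMAuthenticationViaKbdInt no
ChallengeResponseAuthentication yes
"""


def demo_verify():
    """Write three constructed files into a temp dir and verify them."""
    workdir = tempfile.mkdtemp()
    try:
        files = {
            "example-server-1.0-1.i386.rpm": b"abc",       # matches table -> ok
            "example-clients-1.0-1.i386.rpm": b"tampered",  # table expects empty -> mismatch
            "example-askpass-1.0-1.i386.rpm": b"",          # not listed
        }
        for name, data in files.items():
            with open(os.path.join(workdir, name), "wb") as f:
                f.write(data)
        return verify_downloads(workdir, parse_md5_table(SAMPLE_TABLE))
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print("vulnerable option enabled:", kbdint_enabled(SAMPLE_SSHD_CONFIG))
    for name, status in demo_verify().items():
        print(f"{status:16} {name}")
```

Point parse_md5_table at the saved advisory text and verify_downloads at the directory holding the fetched RPMs; anything reported as mismatch or not-in-advisory should not be passed to rpm -Fvh.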