TUCoPS :: Linux :: Debian :: dsa-383.htm

ssh-krb5 - possible remote vulnerability

Debian Security Advisory

DSA-383-2 ssh-krb5 -- possible remote vulnerability

Date Reported:
17 Sep 2003
Affected Packages:
ssh-krb5
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CAN-2003-0693, CAN-2003-0695, CAN-2003-0682.
CERT's vulnerabilities, advisories and incident notes: VU#333628, CA-2003-24.
More information:

Several bugs have been found in OpenSSH's buffer handling. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised.

DSA-383-2: This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.

For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-0woody4.

We recommend that you update your ssh-krb5 package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.diff.gz
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.dsc
Alpha:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the original advisory.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH