[linux-sec-uk] OpenSSH buffer management error - Patch 2

Mark Boddington linux-sec-uk at mailman.lug.org.uk
Wed Sep 17 09:04:00 2003


Hi all,

We're up to 3.7.1
The advisory has been updated. It looks like 3.7 missed something. If you patched
last night, it's time to do it again! The changelog says:

20030917
  - (djm) OpenBSD Sync
    - markus@cvs.openbsd.org 2003/09/16 21:02:40
      [buffer.c channels.c version.h]
      more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU
  - (djm) Crank RPM spec versions
  - (djm) Release 3.7.1p1

fun, fun, fun.

Mark

James Davis wrote:
> Am sure you've already heard of today's announcement of the flaw in
> OpenSSH detailed at http://www.openssh.com/txt/buffer.adv but I felt this
> affects enough people to justify a posting to this list. Exploits are in
> the wild already so upgrade to OpenSSH 3.7 (see your vendor or
> openssh.com) or apply the patch provided at OpenSSH.com
> 
> Regards,
> 
> James