
Fw: MDKSA-2001:033 - openssh update



Hi all,
Read this

suri

----- Original Message -----
From: "Linux Mandrake Security Team" <security@xxxxxxxxxxxxxxxxxx>
To: <BUGTRAQ@xxxxxxxxxxxxxxxxx>
Sent: Friday, March 23, 2001 7:45 AM
Subject: MDKSA-2001:033 - openssh update


>
> ________________________________________________________________________
>
>                 Linux-Mandrake Security Update Advisory
> ________________________________________________________________________
>
> Package name:           openssh
> Date:                   March 22nd, 2001
> Advisory ID:            MDKSA-2001:033
>
> Affected versions:      7.0, 7.1, 7.2, Corporate Server 1.0.1
> ________________________________________________________________________
>
> Problem Description:
>
>  There are several weaknesses in various implementations of the SSH
>  (Secure Shell) protocols.  When exploited, they let the attacker obtain
>  sensitive information by passively monitoring encrypted SSH sessions.
>  The information can later be used to speed up brute-force attacks on
>  passwords, including the initial login password and other passwords
>  appearing in interactive SSH sessions, such as those used with su.
>  Versions of OpenSSH 2.5.2 and later have been fixed to reduce the
>  impact of these traffic analysis problems, and as such all Linux-
>  Mandrake users are encouraged to upgrade their version of openssh
>  immediately.
> ________________________________________________________________________
>
> Please verify the update prior to upgrading to ensure the integrity of
> the downloaded package.  You can do this with the command:
>   rpm --checksig package.rpm
> You can get the GPG public key of the Linux-Mandrake Security Team at
>   http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
> If you use MandrakeUpdate, the verification of md5 checksum and GPG
> signature is performed automatically for you.
>
> ________________________________________________________________________
>
> To upgrade automatically, use MandrakeUpdate.
>
> If you want to upgrade manually, download the updated package from one
> of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".
>
> You can download the updates directly from one of the mirror sites
> listed at:
>
>   http://www.linux-mandrake.com/en/ftp.php3.
>
> Updated packages are available in the "updates/[ver]/RPMS/" directory.
> For example, if you are looking for an updated RPM package for
> Linux-Mandrake 7.2, look for it in "updates/7.2/RPMS/".  Updated source
> RPMs are available as well, but you generally do not need to download
> them.
>
> Please be aware that sometimes it takes the mirrors a few hours to
> update.
>
> You can view other security advisories for Linux-Mandrake at:
>
>   http://www.linux-mandrake.com/en/security/
>
> If you want to report vulnerabilities, please contact
>
>   security@xxxxxxxxxxxxxxxxxx
> ________________________________________________________________________
>
> Linux-Mandrake has two security-related mailing list services that
> anyone can subscribe to:
>
> security-announce@xxxxxxxxxxxxxxxxxx
>
>   Linux-Mandrake's security announcements mailing list.  Only
>   announcements are sent to this list and it is read-only.
>
> security-discuss@xxxxxxxxxxxxxxxxxx
>
>   Linux-Mandrake's security discussion mailing list.  This list is open
>   to anyone to discuss Linux-Mandrake security specifically and Linux
>   security in general.
>
> To subscribe to either list, send a message to
>   sympa@xxxxxxxxxxxxxxxxxx
> with "subscribe [listname]" in the body of the message.
>
> To remove yourself from either list, send a message to
>   sympa@xxxxxxxxxxxxxxxxxx
> with "unsubscribe [listname]" in the body of the message.
>
> To get more information on either list, send a message to
>   sympa@xxxxxxxxxxxxxxxxxx
> with "info [listname]" in the body of the message.
>
> Optionally, you can use the web interface to subscribe to or unsubscribe
> from either list:
>
>   http://www.linux-mandrake.com/en/flists.php3#security
> ________________________________________________________________________
>
> Type Bits/KeyID     Date       User ID
> pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
>   <security@xxxxxxxxxxxxxxxxxx>
>
>



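The verification step the advisory asks for before running "rpm -Fvh", as an added shell example that is not part of the original message or of Mandrake's tooling. It assumes the advisory's md5 checksum entries (an MD5 value followed by a package path, which mail clients may quote with "> " or wrap onto two lines) were saved to a text file and the packages downloaded into one directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against
# a checksum list saved from the mail. Assumes md5sum and awk are installed.

# Print "md5  path" pairs from a checksum list read on stdin. Removes "> "
# mail quoting and rejoins entries whose path wrapped onto the next line.
normalize_manifest() {
    awk '
        function is_md5(s) { return length(s) == 32 && s ~ /^[0-9a-f]+$/ }
        { sub(/^>[ \t]*/, "") }
        is_md5($1) && NF == 2 { print $1 "  " $2; pending = ""; next }
        is_md5($1) && NF == 1 { pending = $1; next }
        pending != "" && NF == 1 { print pending "  " $1 }
        { pending = "" }
    '
}

# verify_packages MANIFEST DIR: check every listed file (looked up by base
# name in DIR) against its published MD5. Returns 0 only if at least one
# entry was listed and every listed file is present and matches.
verify_packages() {
    list=$(normalize_manifest < "$1"); dir=$2; total=0; bad=0
    while read -r sum path; do
        [ -n "$sum" ] || continue
        total=$((total + 1))
        file=$dir/${path##*/}
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"; bad=$((bad + 1))
        elif [ "$(md5sum < "$file" | cut -d' ' -f1)" != "$sum" ]; then
            echo "MISMATCH $path"; bad=$((bad + 1))
        else
            echo "OK       $path"
        fi
    done <<EOF
$list
EOF
    [ "$total" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Authenticity step named in the advisory; needs rpm and the vendor's GPG
# key imported. A matching MD5 alone only shows the download is not corrupted.
check_signatures() { rpm --checksig "$1"/*.rpm; }

# Usage: sh verify.sh advisory.txt /path/to/downloaded/rpms
if [ "$#" -eq 2 ]; then verify_packages "$1" "$2"; fi
```

Run check_signatures on the same directory afterwards; only the GPG signature ties the packages to the vendor key, since the checksum list travels in the same mail as the package names.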