linux, säkerhet

10700732 2003-09-16 12:26 -0700 /73 rader/ Immunix Security Team <security@immunix.com>
Importerad: 2003-09-16 22:17 av Brevbäraren
Extern mottagare: lwn@lwn.net
Extern mottagare: lists@net-security.org
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: linsec@lists.seifried.org
Extern mottagare: immunix-announce@immunix.org
Mottagare: Bugtraq (import) <29029>
Ärende: Immunix Secured OS 7+ openssh update
------------------------------------------------------------
From: Immunix Security Team <security@immunix.com>
To: lwn@lwn.net, lists@net-security.org,
 security-alerts@linuxsecurity.com, bugtraq@securityfocus.com,
 linsec@lists.seifried.org, immunix-announce@immunix.org
Message-ID: <20030916192629.GC18711@wirex.com>

[ObReminder: Please do not configure vacation(1) or procmail(1) or
outlook "out of office autoreplies" to respond to Precedence: Bulk
mail or other public mail lists. Please do not configure your virus
scanners to trigger on -any- attachments; a GPG signature is not a
virus.  Thanks.]

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	openssh
Affected products:	Immunix OS 7+
Bugs fixed:		CAN-2003-0693
Date:			Tue Sep 16 2003
Advisory ID:		IMNX-2003-7+-020-01
Author:			Seth Arnold <sarnold@immunix.com>
-----------------------------------------------------------------------

Description:
  A vulnerability has been reported in OpenSSH that is rumoured to be
  remotely exploitable for root privileges, even in the face of privsep.
  The bug is in the buffer_append_space() function, which operates on
  Buffer structs; these structs have a buffer initialized through
  malloc(), so StackGuard is unlikely to have any impact on any
  potential exploits.

  The vulnerability comes when the fatal() function calls cleanup
  handlers that rely on potentially corrupted data. This patch
  corrects buffer_append_space() to maintain consistent state.

  References: http://www.openssh.com/txt/buffer.adv
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-3.4p1-1_imnx_11.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-askpass-3.4p1-1_imnx_11.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-clients-3.4p1-1_imnx_11.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-server-3.4p1-1_imnx_11.i386.rpm


Immunix OS 7+ md5sums:
  50e8edbfe40d74b7c6689c08b2aa11de  openssh-3.4p1-1_imnx_11.i386.rpm
  ac1a6f128c7476530ba081ff4da814f1  openssh-askpass-3.4p1-1_imnx_11.i386.rpm
  cac82740907f43ee584370e018ac1b90  openssh-clients-3.4p1-1_imnx_11.i386.rpm
  09f2838278b8fd633745998c73d4ef2d  openssh-server-3.4p1-1_imnx_11.i386.rpm


GPG verification:                                                               
  Our public keys are available at http://download.immunix.org/GPG_KEY
  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@immunix.com.
  Immunix attempts to conform to the RFP vulnerability disclosure protocol
  http://www.wiretrip.net/rfp/policy.html.
(10700732) /Immunix Security Team <security@immunix.com>/(Ombruten)
Bilaga (application/pgp-signature) i text 10700733
10700733 2003-09-16 12:26 -0700 /9 rader/ Immunix Security Team <security@immunix.com>
Importerad: 2003-09-16 22:17 av Brevbäraren
Extern mottagare: lwn@lwn.net
Extern mottagare: lists@net-security.org
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: linsec@lists.seifried.org
Extern mottagare: immunix-announce@immunix.org
Mottagare: Bugtraq (import) <29030>
Bilaga (application/pgp-signature) till text 10700732
Ärende: Bilaga till: Immunix Secured OS 7+ openssh update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj9nY+UACgkQn5I6Lxt0VtqJaACeMMozZyWGUTnZb9T8h2L5gPtE
FlwAniHPLlhRQqTyBSKB5+azu5/dakYN
=2TqM
-----END PGP SIGNATURE-----
(10700733) /Immunix Security Team <security@immunix.com>/