Full Disclosure mailing list archives
[TURBOLINUX SECURITY INFO] 24/Sep/2003
From: Turbolinux <security-announce () turbolinux co jp>
Date: Wed, 24 Sep 2003 22:32:57 +0900
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 24/Sep/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) openssh -> Multiple PAM vulnerabilities in portable OpenSSH

===========================================================
* openssh -> Multiple PAM vulnerabilities in portable OpenSSH
===========================================================

 More information :
    OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on.
    Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code.

 Impact :
    This vulnerability may allow a remote attacker to execute arbitrary code.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg tool to apply the update.

 Notice :
    After performing the update, it is necessary to restart the sshd secure shell daemon. To do this, run the following command as user root.
    ---------------------------------------------
    # /etc/init.d/sshd restart
    or
    # /etc/rc.d/init.d/sshd restart
    ---------------------------------------------

 References :

    OpenSSH Security Advisory
    [Portable OpenSSH Security Advisory: sshpam.adv]
    http://www.openssh.com/txt/sshpam.adv

    openssh-unix-announce
    [Multiple PAM vulnerabilities in portable OpenSSH]
    http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000068.html

    CVE
    [CAN-2003-0682]
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

    Turbolinux Security Advisory
    [TLSA-2003-51]
    http://www.turbolinux.com/security/TLSA-2003-51.txt

--------------------------------------------------------------------------
Revision History
   24 Sep 2003 Initial release
--------------------------------------------------------------------------

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.

   http://www.turbolinux.com/download/zabom.html
   http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

   Here is the public key
   http://www.turbolinux.com/security/

 * To unsubscribe from the list

   If you ever want to remove yourself from this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the word `unsubscribe' in the body (don't include the quotes).

   unsubscribe

 * To change your email address

   If you ever want to change email address in this mailing list, you can send a message to <server-users-e-ctl () turbolinux co jp> with the following command in the message body:

   chaddr 'old address' 'new address'

If you have any questions or problems, please contact <supp_info () turbolinux co jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/cZ0NK0LzjOqIJMwRAkS3AJsGtRi1QFl5vBginyoaGgPUy3GzDQCgtQH+
d7cm7WRRif3u1VaFh6xfW2o=
=JtIU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html