Säkerhetsbulletin från Debian

openssh -- möjlig fjärrattack

Rapporterat den:

2000-11-18

Berörda paket:

ssh, ssh-askpass-gnome

Sårbara:

Referenser i säkerhetsdatabaser:

I Mitres CVE-förteckning: CVE-2000-1169.

Ytterligare information:

"Adv.fwd"-säkerhetsbulletinen från OpenBSD, vilket rapporterar om ett problem med openssh som Jacob Langseth <jwl@pobox.com> fann: när anslutningen upprättas kan fjärr-ssh-servern tvinga ssh-klienten att aktivera agent- och X11-vidaresändning.

Detta har rättats i version 1.2.3-9.1 och vi rekommenderar att du uppgraderar ditt openssh-paket omedelbart.

Rättat i:

Debian 2.2 (potato)

Källkod:: http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.dsc; http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3.orig.tar.gz
Architecture-independent component:: http://security.debian.org/dists/stable/updates/main/binary-all/ssh-askpass-ptk_1.2.3-9.1_all.deb
alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.1_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.1_alpha.deb
arm:: http://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.1_arm.deb; http://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.1_arm.deb
i386:: http://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.1_i386.deb
m68k:: http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.1_m68k.deb
powerpc:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.1_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.1_powerpc.deb