Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-383-2:28CC6
HistorySep 21, 2003 - 7:05 p.m.

[SECURITY] [DSA-383-2] OpenSSH buffer management fix

2003-09-2119:05:20
lists.debian.org
10
JSON

Debian Security Advisory DSA-383-2 [email protected]
http://www.debian.org/security/ Wichert Akkerman
September 21, 2003

Package : ssh-krb5
Vulnerability : buffer handling
Problem type : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682

This advisory is an addition to the earlier DSA-383-1 advisory: Solar
Designer found four more bugs in OpenSSH that may be exploitable.

For the Debian stable distribution these bugs have been fixed in version
1:3.4p1-0woody4 .

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.dsc
  Size/MD5 checksum:     1357 d7f2f4b66a60aec2636aaa131a04ea86
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
  Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.diff.gz
  Size/MD5 checksum:   120639 8c57caab816733519f2e764ff824ea2d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_alpha.deb
  Size/MD5 checksum:   888572 addc35a6bc52711c42ae8a1e3cf86577

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_arm.deb
  Size/MD5 checksum:   687794 c1143d02c214f8cfe4bd60ef6b8aaac5

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_hppa.deb
  Size/MD5 checksum:   789374 2bdbe110e4df220c91c927b06116c8ea

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb
  Size/MD5 checksum:   671778 a4fe8e3f4de7c6a8048ec123f637838f

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_ia64.deb
  Size/MD5 checksum:  1049908 c420b72bc0c9a5f6c6d9b658291b7dc5

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_m68k.deb
  Size/MD5 checksum:   640920 b1df32262d6fb5cd7a1eca52c66e412f

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mips.deb
  Size/MD5 checksum:   762850 211c9d9c0385314d49039ce8e651ea61

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_powerpc.deb
  Size/MD5 checksum:   711568 83acd76f1dd01ad7bba04f83e84e7b0e

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_s390.deb
  Size/MD5 checksum:   749104 e88e2b9601a057e9f45c6517b77701f7

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_sparc.deb
  Size/MD5 checksum:   694636 9cf84d70e306be2f4f94a86b8d41c857

Debian Security team <[email protected]>
http://www.debian.org/security/
Mailing-List: [email protected]

Related

osv 2
debiancve 3
nessus 9
openvas 8
redhat 1
suse 2
debian 4
cve 3
cisco 1
freebsd_advisory 1
cert 1
securityvulns 2
ubuntucve 2
slackware 1
osv
osv
ssh - possible remote vulnerability
2003-09-16 00:00:00
ssh-krb5 - possible remote vulnerability
2003-09-17 00:00:00
debiancve
debiancve
CVE-2003-0682
2003-10-06 04:00:00
CVE-2003-0693
2003-09-22 04:00:00
CVE-2003-0695
2003-10-06 04:00:00
nessus
nessus
RHEL 2.1 : openssh (RHSA-2003:280)
2004-07-06 00:00:00
Debian DSA-382-3 : ssh - possible remote vulnerability
2004-09-29 00:00:00
Debian DSA-383-2 : ssh-krb5 - possible remote vulnerability
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 383-2 (ssh-krb5)
2008-01-17 00:00:00
Debian Security Advisory DSA 382-3 (ssh)
2008-01-17 00:00:00
Debian Security Advisory DSA 382-2 (ssh)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2003:280) openssh security update
2003-09-16 00:00:00
suse
suse
potential remote privilege escalation in openssh (second release)
2003-09-18 18:20:42
potential remote privilege escalation in openssh
2003-09-16 20:44:07
debian
debian
[SECURITY] [DSA-382-3] OpenSSH buffer management fix
2003-09-21 19:05:05
[SECURITY] [DSA-382-2] OpenSSH buffer management fix
2003-09-17 11:27:29
[SECURITY] [DSA-383-1] OpenSSH buffer management fix
2003-09-17 15:41:06
cve
cve
CVE-2003-0682
2003-10-06 04:00:00
CVE-2003-0693
2003-09-22 04:00:00
CVE-2003-0695
2003-10-06 04:00:00
cisco
cisco
OpenSSH Server Vulnerabilities
2003-09-17 07:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-03:12.openssh
2003-09-16 00:00:00
cert
cert
OpenSSH contains buffer management errors
2003-09-16 00:00:00
securityvulns
securityvulns
CERT Advisory CA-2003-24 Buffer Management Vulnerability in OpenSSH
2003-09-17 00:00:00
[ESA-20030916-023] OpenSSH buffer management error.
2003-09-16 00:00:00
ubuntucve
ubuntucve
CVE-2003-0693
2003-09-22 00:00:00
CVE-2003-0682
2003-10-06 00:00:00
slackware
slackware
New OpenSSH packages
2003-09-23 23:06:10
JSON
Related for DEBIAN:DSA-383-2:28CC6
osv2debiancve3nessus9openvas8redhat1suse2debian4cve3cisco1freebsd_advisory1cert1securityvulns2ubuntucve2slackware1