[slackware-security] openssh

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/openssh-6.6p1-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue when using environment passing with
a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
tricked into accepting any environment variable that contains the
characters before the wildcard character.
For more information, see:
https://vulners.com/cve/CVE-2014-2532
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssh-5.9p1-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssh-5.9p1-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssh-5.9p1-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssh-5.9p1-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssh-5.9p1-i486-3_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssh-5.9p1-x86_64-3_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssh-6.6p1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssh-6.6p1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssh-6.6p1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssh-6.6p1-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-6.6p1-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssh-6.6p1-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
0729d3be6a1886c2462522110333abc0 openssh-5.9p1-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
a474f048de648347207bacb21b5f8f28 openssh-5.9p1-x86_64-1_slack13.0.txz

Slackware 13.1 package:
8df387cdf44f359a9de7c3e40ea321c6 openssh-5.9p1-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
e7eb361401849bbcfb0e20ea17181836 openssh-5.9p1-x86_64-1_slack13.1.txz

Slackware 13.37 package:
8404668d896f81b44ddd5e6e2985f590 openssh-5.9p1-i486-3_slack13.37.txz

Slackware x86_64 13.37 package:
b50bb951453824e53dcddbdf1d571561 openssh-5.9p1-x86_64-3_slack13.37.txz

Slackware 14.0 package:
755d1ec29f80ac40636741ddf618715a openssh-6.6p1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
cc74307ab8875a8fa04a87f18b0cd216 openssh-6.6p1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
1dcb917e01fa83d1cabd59378c81dd32 openssh-6.6p1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
dfb1f98206ce1e2300fea647a5281486 openssh-6.6p1-x86_64-1_slack14.1.txz

Slackware -current package:
7a5f7c123c397d040fff868afbf86e8b n/openssh-6.6p1-i486-1.txz

Slackware x86_64 -current package:
e6d3cced2c7c9e642d8982b27295a408 n/openssh-6.6p1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg openssh-6.6p1-i486-1_slack14.1.txz

Next, restart the sshd daemon:
> sh /etc/rc.d/rc.sshd restart