Friends,
For everyone's information,
Regards,
Alexandre
----- Original Message -----
From: Daniela Regina Barbetti Silva
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, June 26, 2002 1:09 PM
Subject: [SECURITY-L] OpenSSH 3.4 released
Dear Administrators,
A serious security bug has been discovered in OpenSSH (versions 2.9.9
to 3.3).
We advise upgrading to version 3.4 as soon as possible.
If it is not possible to upgrade immediately, then change
the sshd configuration to prevent possible intrusions:
- Edit the file /etc/ssh/sshd_config
- Add the line "ChallengeResponseAuthentication no"
- Restart sshd:
  - kill -9 <sshd_process_number>
  - /usr/sbin/sshd
--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
mailto:[EMAIL PROTECTED]
http://www.security.unicamp.br
----- Forwarded message from Markus Friedl <[EMAIL PROTECTED]> -----
From: Markus Friedl <[EMAIL PROTECTED]>
Subject: [S] OpenSSH 3.4 released
To: [EMAIL PROTECTED]
Date: Wed, 26 Jun 2002 16:40:27 +0200
OpenSSH 3.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support and encouragement.
Changes since OpenSSH 3.3:
============================
Security Changes:
=================
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 fixes this bug.
In addition, OpenSSH 3.4 adds many checks to detect
invalid input and mitigate resource exhaustion attacks.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables UsePrivilegeSeparation by
default.
Reporting Bugs:
===============
- please read http://www.openssh.com/report.html
and http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
----- End forwarded message -----
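Added example (not part of the original messages and not OpenSSH project code): a shell check of whether the workaround described above is actually in effect in an sshd_config. sshd uses the first occurrence of each keyword, so a "ChallengeResponseAuthentication no" line added below an earlier "yes" changes nothing; the function names, status labels and sample config are constructed for illustration, and a single config file without Include directives is assumed.

```shell
#!/bin/sh
# effective_opt FILE KEYWORD DEFAULT
# Print the value sshd would use for KEYWORD: the first occurrence wins and
# keyword names are case-insensitive. Parsing stops at a "Match" line so a
# conditional override is not mistaken for the global setting.
effective_opt() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                    # whole-line comment
        { sub(/=/, " ") }                      # accept "Keyword=value" too
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE [PRIVSEP_DEFAULT]
# PRIVSEP_DEFAULT is what the installed sshd uses when UsePrivilegeSeparation
# is absent (assumption: "yes", the 3.3 default stated in the release notes).
audit_sshd() {
    cr=$(effective_opt "$1" ChallengeResponseAuthentication yes)
    ps=$(effective_opt "$1" UsePrivilegeSeparation "${2:-yes}")
    if [ "$cr" = "no" ]; then echo "workaround-applied"
    elif [ "$ps" = "yes" ]; then echo "privsep-only"
    else echo "exposed"
    fi
}

# Constructed sample config: the workaround line was appended after an
# existing setting, so the earlier "yes" is the one sshd honours.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample, not from a real host
Port 22
challengeresponseauthentication yes
ChallengeResponseAuthentication no
UsePrivilegeSeparation yes
EOF
audit_sshd "$demo"    # prints: privsep-only
rm -f "$demo"
```
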