Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered with the Software Manager
service:
Security Advisory - RHSA-2001:161-08
------------------------------------------------------------------------------
Summary:
Updated OpenSSH packages available
Description:
When the "UseLogin" option is enabled in OpenSSH, a malicious user who
authenticates using key-based authentication methods can influence the
environment variables passed to the login process. This could
allow the user to execute arbitrary code with superuser privileges.
In Red Hat Linux the OpenSSH server has the "UseLogin" option disabled
by default. Therefore, it is not vulnerable unless the system administrator
has changed this setting.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2001-0872 to this issue.
------------------------------------------------------------------------------
-------------
Taking Action
-------------
You may address the issues outlined in this advisory in two ways:
- log in to Red Hat Network at https://rhn.redhat.com and from the
listing showing under 'Your RHN' select the affected servers and
download or schedule a package update for that system.
- run the Update Agent on the affected machine.
---------------------------------
Changing Notification Preferences
---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN
and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.
You can also enable/disable notification on a per system basis by selecting an
individual system from the "Systems List". From the individual system view
click the "Details" tab.
---------------------
Affected Systems List
---------------------
This Errata Advisory may apply to the systems listed below. If you know that
this errata does not apply to a system listed, it might be possible that the
package profile for that server is out of date. In that case you should run
'up2date -p' as root on the system in question to refresh your software profile.
There is 1 affected system registered in 'Your RHN' (only systems for
which you have explicitly enabled Errata Alerts are shown).
Release Arch Profile Name
-------- -------- ------------
7.2 i686 chargerccsaaoc1
The Red Hat Network Team
This message is being sent by Red Hat Network Alert to:
RHN user login: mpmpmWWW
Email address on file: <[EMAIL PROTECTED]>
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
