Yellow Dog Linux Security Announcement
--------------------------------------

Package:      openssh
Issue Date:   June 26, 2002
Priority:     high
Advisory ID:  YDU-20020626-2

1. Topic:

   Updated openssh packages are available.

2. Problem:

   OpenSSH contains a serious input validation error that can result in
   an integer overflow and privilege escalation.

   Terra Soft has patched OpenSSH to correct this problem via the patches
   provided by the OpenSSH team. For more details, see the OpenSSH team's
   security advisory at http://lwn.net/Articles/3531/.

   All users of OpenSSH are urged to install these updated packages as
   soon as possible.

3. Solution:

   a) Updating via apt...

      We suggest that you use the apt-get program to keep your system
      up-to-date. The following command(s) will retrieve and install the
      fixed version of this update onto your system:

         apt-get update
         apt-get install openssh

   b) Updating manually...

      Download the updates below for your version of Yellow Dog Linux and
      then run the following rpm command. (Please use a mirror site)

         rpm -Fvh [filenames]

      Yellow Dog Linux 2.3
      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
         ppc/openssh-3.1p1-2.3a.ppc.rpm
         ppc/openssh-askpass-3.1p1-2.3a.ppc.rpm
         ppc/openssh-askpass-gnome-3.1p1-2.3a.ppc.rpm
         ppc/openssh-clients-3.1p1-2.3a.ppc.rpm
         ppc/openssh-server-3.1p1-2.3a.ppc.rpm

      Yellow Dog Linux 2.2
      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
         ppc/openssh-3.1p1-2.2a.ppc.rpm
         ppc/openssh-askpass-3.1p1-2.2a.ppc.rpm
         ppc/openssh-askpass-gnome-3.1p1-2.2a.ppc.rpm
         ppc/openssh-clients-3.1p1-2.2a.ppc.rpm
         ppc/openssh-server-3.1p1-2.2a.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   [Yellow Dog Linux 2.3]
   1c5cdd3c8834f4525624287f06c59510  SRPMS/openssh-3.1p1-2.3a.src.rpm
   5fefe116bc9f62e7a9e93fe672fe5930  ppc/openssh-3.1p1-2.3a.ppc.rpm
   f50b95521a8ca186873e8237c97ac50a  ppc/openssh-askpass-3.1p1-2.3a.ppc.rpm
   132873ac82c23a27cfea6628a00b64d9  ppc/openssh-askpass-gnome-3.1p1-2.3a.ppc.rpm
   c4d289d5eecb3a4274b9f47346a8d95d  ppc/openssh-clients-3.1p1-2.3a.ppc.rpm
   7135bf2e7ceb47110603b3a6d6891268  ppc/openssh-server-3.1p1-2.3a.ppc.rpm

   [Yellow Dog Linux 2.2]
   dc0fff066d8c17166e3c15d412e0a028  SRPMS/openssh-3.1p1-2.2a.src.rpm
   bfb8dcd0b561071549ba33cc21a31f25  ppc/openssh-3.1p1-2.2a.ppc.rpm
   080141a7303d875b4243311d362aad00  ppc/openssh-askpass-3.1p1-2.2a.ppc.rpm
   fe8619a32100757230df1e8ed9db8bdc  ppc/openssh-askpass-gnome-3.1p1-2.2a.ppc.rpm
   9a249fdb84a751e3f36fda3f2e367ced  ppc/openssh-clients-3.1p1-2.2a.ppc.rpm
   a17be4f11492e30b06141b21ae22f121  ppc/openssh-server-3.1p1-2.2a.ppc.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      rpm --checksig --nogpg filename

5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted. See
   http://lists.yellowdoglinux.com/ for more information.

   For information regarding the usage of apt-get, see:
   http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
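
Added example, not part of the original advisory or Terra Soft's tooling: rpm --checksig --nogpg checks the digest stored inside each package, so this shell function additionally compares each downloaded file with the MD5 table in section 4 before rpm -Fvh is run. The function name, the saved table file and the demo file names are assumptions; the demo data is constructed.

```shell
# Added example: compare downloaded packages with an advisory's MD5 table.
# check_advisory_sums and its arguments are assumed names, not vendor tooling.
#
# check_advisory_sums SUMS_FILE PKG_DIR
#   SUMS_FILE: the table saved as text, "<32-hex md5> <dir/name.rpm>" per line.
#   Returns 0 only if at least one listed file was found and none mismatched.
check_advisory_sums() {
    sums_file=$1
    pkg_dir=$2
    checked=0
    bad=0
    while read -r want path rest || [ -n "$want" ]; do
        # Skip the header, dashes, "[Yellow Dog Linux 2.3]" labels and blanks.
        case $want in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        name=${path##*/}    # table lists ppc/NAME; files are saved as NAME
        if [ ! -f "$pkg_dir/$name" ]; then
            echo "MISSING  $name"
            continue
        fi
        have=$(md5sum "$pkg_dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$have" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (advisory $want, file $have)"
            bad=$((bad + 1))
        fi
    done < "$sums_file"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: two stand-in files, one altered after the table was written.
demo=$(mktemp -d)
printf 'package-a' > "$demo/a-1.0.ppc.rpm"
printf 'package-b' > "$demo/b-1.0.ppc.rpm"
for f in a-1.0.ppc.rpm b-1.0.ppc.rpm; do
    echo "$(md5sum "$demo/$f" | cut -d' ' -f1) ppc/$f"
done > "$demo/sums.txt"
printf 'tampered' >> "$demo/b-1.0.ppc.rpm"
check_advisory_sums "$demo/sums.txt" "$demo" || echo "mismatch: do not run rpm -Fvh"
rm -rf "$demo"
```

Packages listed in the table but absent from the directory are reported as MISSING and do not count as a failure, so one release's files can be checked against a table that covers both releases.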