Slackware 8.1 / 9.0 / current : New OpenSSH packages (SSA:2003-266-01)

high Nessus Plugin ID 18728

Synopsis

The remote Slackware host is missing a security update.

Description

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware is not vulnerable to the PAM problem, and it is not believed that any of the other code cleanups fix exploitable security problems, not nevertheless sites may wish to upgrade. These are some of the more interesting entries from OpenSSH's ChangeLog so you can be the judge: [buffer.c] protect against double free; #660;
zardoz at users.sf.net - [email protected] 2003/09/18 08:49:45 [deattack.c misc.c session.c ssh-agent.c] more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@ - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code

Solution

Update the affected openssh package.

See Also

http://www.nessus.org/u?d0bae0a9

Plugin Details

Severity: High

ID: 18728

File Name: Slackware_SSA_2003-266-01.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:openssh, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 9/24/2003

Vulnerability Publication Date: 9/16/2003

Reference Information

SSA: 2003-266-01