|
Family: Slackware Local Security Checks --> Category: infos
SSA-2003-266-01 New OpenSSH packages Vulnerability Scan
Vulnerability Scan Summary SSA-2003-266-01 New OpenSSH packages
Detailed Explanation for this Vulnerability Test
Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1,
9.0 and -current. This fixes security problems with PAM
authentication. It also includes several code cleanups from Solar
Designer.
Slackware is not vulnerable to the PAM problem, and it is not
believed that any of the other code cleanups fix exploitable
security problems, not nevertheless sites may wish to upgrade.
These are some of the more interesting entries from OpenSSH's
ChangeLog so you can be the judge:
[buffer.c]
protect against double free
#660
zardoz at users.sf.net
- markus@cvs.openbsd.org 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c]
more buffer allocation fixes
from Solar Designer
CVE-2003-0682
ok millert@
- (djm) Bug #676: Fix PAM stack corruption
- (djm) Fix bad free() in PAM code
Click HERE for more information and discussions on this network vulnerability scan.
|