---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Mandriva update for openssh SECUNIA ADVISORY ID: SA22245 VERIFY ADVISORY: http://secunia.com/advisories/22245/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Mandriva Linux 2006 http://secunia.com/product/9020/ Mandriva Linux 2007 http://secunia.com/product/12165/ DESCRIPTION: Mandriva has issued an update for openssh. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA22091 SA22173 SOLUTION: Apply updated packages. Mandriva Linux 2006 1280b30b3520a9ca5c2e6a716a770a0c 2006.0/i586/openssh-4.3p1-0.3.20060mdk.i586.rpm 007b28a957c4537d6ed196d2b2367c1e 2006.0/i586/openssh-askpass-4.3p1-0.3.20060mdk.i586.rpm 280b2c0b27ef2387110d363493be892f 2006.0/i586/openssh-askpass-gnome-4.3p1-0.3.20060mdk.i586.rpm 3a41abc407c20928f672223c67d06c36 2006.0/i586/openssh-clients-4.3p1-0.3.20060mdk.i586.rpm 063589a511985d4127e03c349fa23330 2006.0/i586/openssh-server-4.3p1-0.3.20060mdk.i586.rpm 6f11187f048ef296607c54c1c92e7c24 2006.0/SRPMS/openssh-4.3p1-0.3.20060mdk.src.rpm Mandriva Linux 2006/X86_64 68bc6ad235e0534bc57e180b90c33bdb 2006.0/x86_64/openssh-4.3p1-0.3.20060mdk.x86_64.rpm d0668a2d76eb927afcaa4897fc509f91 2006.0/x86_64/openssh-askpass-4.3p1-0.3.20060mdk.x86_64.rpm 502b3088f7f55d3de57b2278b5452a5a 2006.0/x86_64/openssh-askpass-gnome-4.3p1-0.3.20060mdk.x86_64.rpm 2551d84521716a9b6702a98b9d121b9d 2006.0/x86_64/openssh-clients-4.3p1-0.3.20060mdk.x86_64.rpm c8627d7e04e87c1e5bed7d0b744b2ad2 2006.0/x86_64/openssh-server-4.3p1-0.3.20060mdk.x86_64.rpm 6f11187f048ef296607c54c1c92e7c24 2006.0/SRPMS/openssh-4.3p1-0.3.20060mdk.src.rpm Mandriva Linux 2007 9687bdb4f2865c2765da0f01efda87ef 2007.0/i586/openssh-4.3p2-12.1mdv2007.0.i586.rpm 40f80b906c0e9ec5d2d6622ce7efc3fd 2007.0/i586/openssh-askpass-4.3p2-12.1mdv2007.0.i586.rpm b50bae14a353fdd3ca632096467a51cd 2007.0/i586/openssh-askpass-common-4.3p2-12.1mdv2007.0.i586.rpm 0d393f5af4f97c0ca2073c3f11628a40 2007.0/i586/openssh-askpass-gnome-4.3p2-12.1mdv2007.0.i586.rpm 084d0fa10aa7daa1aaea59cb2efc9494 2007.0/i586/openssh-clients-4.3p2-12.1mdv2007.0.i586.rpm 07f0a46845c178b78549c0734074407f 2007.0/i586/openssh-server-4.3p2-12.1mdv2007.0.i586.rpm c9ccf40372c7c2b0eca968aec9f9385d 2007.0/SRPMS/openssh-4.3p2-12.1mdv2007.0.src.rpm Mandriva Linux 2007/X86_64 a1ed25a9f53038434574b3ce921eac1a 2007.0/x86_64/openssh-4.3p2-12.1mdv2007.0.x86_64.rpm d9acf43a28f105d80fcd7a12535efdda 2007.0/x86_64/openssh-askpass-4.3p2-12.1mdv2007.0.x86_64.rpm ed6488abb9c621dab762307136493969 2007.0/x86_64/openssh-askpass-common-4.3p2-12.1mdv2007.0.x86_64.rpm ef48a28c45ec44dc1f20eb0ee26f4877 2007.0/x86_64/openssh-askpass-gnome-4.3p2-12.1mdv2007.0.x86_64.rpm 80c7ee2ccb6ac35fe1b893cb58b092cd 2007.0/x86_64/openssh-clients-4.3p2-12.1mdv2007.0.x86_64.rpm 217eb2fbf7574aa34a592e54d527f8dd 2007.0/x86_64/openssh-server-4.3p2-12.1mdv2007.0.x86_64.rpm c9ccf40372c7c2b0eca968aec9f9385d 2007.0/SRPMS/openssh-4.3p2-12.1mdv2007.0.src.rpm ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 OTHER REFERENCES: SA22091: http://secunia.com/advisories/22091/ SA22173: http://secunia.com/advisories/22173/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------