---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Mandriva update for openssh SECUNIA ADVISORY ID: SA22814 VERIFY ADVISORY: http://secunia.com/advisories/22814/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Mandriva Linux 2007 http://secunia.com/product/12165/ Mandriva Linux 2006 http://secunia.com/product/9020/ DESCRIPTION: Mandriva has issued an update for openssh. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA22771 SOLUTION: Apply updated packages. Mandriva Linux 2006 97d55a01498ae859817c236d6be17bb5 2006.0/i586/openssh-4.3p1-0.4.20060mdk.i586.rpm a47c9f8361c91de4c97b827171f379be 2006.0/i586/openssh-askpass-4.3p1-0.4.20060mdk.i586.rpm 6a18e82f1251073d4f17bcb653a8da4a 2006.0/i586/openssh-askpass-gnome-4.3p1-0.4.20060mdk.i586.rpm 36995045f95028848691226a3624d701 2006.0/i586/openssh-clients-4.3p1-0.4.20060mdk.i586.rpm 598feb16c5b77c20b8d8e364a6d0a83e 2006.0/i586/openssh-server-4.3p1-0.4.20060mdk.i586.rpm 3c4642aa46959520d6374c5dd55c2488 2006.0/SRPMS/openssh-4.3p1-0.4.20060mdk.src.rpm Mandriva Linux 2006/X86_64 d5d932876aab273d0734de9a156f3514 2006.0/x86_64/openssh-4.3p1-0.4.20060mdk.x86_64.rpm 4d921a0e4c743b78824c100e49480a43 2006.0/x86_64/openssh-askpass-4.3p1-0.4.20060mdk.x86_64.rpm 79d975ab47eb58aa39350d0cb56a3507 2006.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.20060mdk.x86_64.rpm 52eb00190b757e7ca842fad40e34cdec 2006.0/x86_64/openssh-clients-4.3p1-0.4.20060mdk.x86_64.rpm 25bb2488c0c460ca2ee28814b5902d6f 2006.0/x86_64/openssh-server-4.3p1-0.4.20060mdk.x86_64.rpm 3c4642aa46959520d6374c5dd55c2488 2006.0/SRPMS/openssh-4.3p1-0.4.20060mdk.src.rpm Mandriva Linux 2007 685ed779bc6e5b069456c1a1ec3cbde0 2007.0/i586/openssh-4.5p1-0.1mdv2007.0.i586.rpm 22384a44c965285f8077624d7d35c2aa 2007.0/i586/openssh-askpass-4.5p1-0.1mdv2007.0.i586.rpm eb05d1b12e62a590d6a627ea9a058a1a 2007.0/i586/openssh-askpass-common-4.5p1-0.1mdv2007.0.i586.rpm 31de85b9ec2be0990e03f0e52350a826 2007.0/i586/openssh-askpass-gnome-4.5p1-0.1mdv2007.0.i586.rpm 9a17d425bdd1e7d62ecc96dccbb25aaf 2007.0/i586/openssh-clients-4.5p1-0.1mdv2007.0.i586.rpm d93dc4b53d3e9a683dc5878ae5bf3139 2007.0/i586/openssh-server-4.5p1-0.1mdv2007.0.i586.rpm 48dfb1f18e3a82ba39fc5dcdbc98ac9b 2007.0/SRPMS/openssh-4.5p1-0.1mdv2007.0.src.rpm Mandriva Linux 2007/X86_64 083b3ffdb875a5f053c41bc8913b9bea 2007.0/x86_64/openssh-4.5p1-0.1mdv2007.0.x86_64.rpm 3e096fa50c7440c76f748c9d6c76f551 2007.0/x86_64/openssh-askpass-4.5p1-0.1mdv2007.0.x86_64.rpm a0b32fd47e7b00b3240ae94a3e555915 2007.0/x86_64/openssh-askpass-common-4.5p1-0.1mdv2007.0.x86_64.rpm 8c200957e509389151a07b56b2a1b9d2 2007.0/x86_64/openssh-askpass-gnome-4.5p1-0.1mdv2007.0.x86_64.rpm cb15557e3e324dfd9a4c4739f2513989 2007.0/x86_64/openssh-clients-4.5p1-0.1mdv2007.0.x86_64.rpm 0a4aedec1aee0c6449eb4258e98417ab 2007.0/x86_64/openssh-server-4.5p1-0.1mdv2007.0.x86_64.rpm 48dfb1f18e3a82ba39fc5dcdbc98ac9b 2007.0/SRPMS/openssh-4.5p1-0.1mdv2007.0.src.rpm ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2006:204 OTHER REFERENCES: SA22771: http://secunia.com/advisories/22771/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------