---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openssh-server SECUNIA ADVISORY ID: SA32110 VERIFY ADVISORY: http://secunia.com/advisories/32110/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system OPERATING SYSTEM: Ubuntu Linux 7.10 http://secunia.com/advisories/product/16251/ DESCRIPTION: Ubuntu has issued an update for openssh-server. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA29602 SOLUTION: Apply updated packages. Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1-5ubuntu0.6.diff.gz Size/MD5: 200449 61de534dbe96faf221a793adf2d48cc4 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1-5ubuntu0.6.dsc Size/MD5: 1215 232962cedc8d66f4c390eeb110271a16 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1.orig.tar.gz Size/MD5: 946439 cee58cd226138191561fa2d484e18f49 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.6p1-5ubuntu0.6_all.deb Size/MD5: 1092 c5dc097d458b1e88b09a42890c5b9ba8 http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.6p1-5ubuntu0.6_all.deb Size/MD5: 80770 9eedf328da0212f39303924f06bfa241 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.6_amd64.udeb Size/MD5: 176418 18fa5b9f0b115082f42e8394f348182e http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.6_amd64.deb Size/MD5: 747234 86b643092fc58b4296450dd57bff2263 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.6_amd64.udeb Size/MD5: 193374 232089e72d8233317b504ce351366c66 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.6_amd64.deb Size/MD5: 268766 3dd934f2eae20ee1e532cd72b452e846 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.6_amd64.deb Size/MD5: 88934 653d12aab773e3ef6dc36ce2dde26aef i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.6_i386.udeb Size/MD5: 158798 96b9e3411a9d36e5d0666fa3c7d7cabe http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.6_i386.deb Size/MD5: 706288 3fd8dd728a81af02944b4e939031c3cf http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.6_i386.udeb Size/MD5: 171688 9549e26eea9999ffc740f0a129e33a57 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.6_i386.deb Size/MD5: 249754 94282f20bd4aa7396a75023e82165747 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.6_i386.deb Size/MD5: 88574 a21161382d91858fac7717dd559a600f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.6_lpia.udeb Size/MD5: 158796 dbafbeb828cb60792a06828574bde543 http://ports.ubuntu.com/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.6_lpia.deb Size/MD5: 676846 6c4abc9c511c2d7d203bc655f66932d8 http://ports.ubuntu.com/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.6_lpia.udeb Size/MD5: 171198 0979246745cbf49b519a904fd585d32d http://ports.ubuntu.com/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.6_lpia.deb Size/MD5: 242990 cae913c813b2e9948c2894eae93b204c http://ports.ubuntu.com/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.6_lpia.deb Size/MD5: 88578 415771b80a67c476687afd44b39668e7 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.6_powerpc.udeb Size/MD5: 180856 3de38375b673254f18483447c101ac24 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.6_powerpc.deb Size/MD5: 774458 6af53781bb77d958a18910a127ed0fb5 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.6_powerpc.udeb Size/MD5: 190268 14095d3c2485b9de89bf212c6db9169f http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.6_powerpc.deb Size/MD5: 272016 11e268a96f7fc40092756936a3be8985 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.6_powerpc.deb Size/MD5: 91288 cd791401f890b1744da17fa79bbbf4df sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.6_sparc.udeb Size/MD5: 166884 7b18ae280832b6ce1e647f7d09ec36da http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.6_sparc.deb Size/MD5: 759194 51c560a53b4ef0557619fb0551e76d73 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.6_sparc.udeb Size/MD5: 179110 4611135c98179208dfe5f2eca65f12d1 http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.6_sparc.deb Size/MD5: 276582 fce6141489be0312c10fb7f837542dbe http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.6_sparc.deb Size/MD5: 88890 113d0661557999b588060a9d35e75ed8 ORIGINAL ADVISORY: USN-649-1: http://www.ubuntu.com/usn/usn-649-1 OTHER REFERENCES: SA29602: http://secunia.com/advisories/29602/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------