Bug 104496
Summary: | CAN-2003-0693 OpenSSH buffer allocation bug | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Mark J. Cox <mjc> | ||||
Component: | openssh | Assignee: | Nalin Dahyabhai <nalin> | ||||
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 9 | CC: | dan, kajtzu, link, m.a.young, michael, nobody+pnasrat, sean | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2003-09-16 18:01:34 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Mark J. Cox
2003-09-16 13:48:24 UTC
*** Bug 104495 has been marked as a duplicate of this bug. *** Have y'all patched anything else that was not included in this patch: http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=u ? Just trying to find out if pushing what I have is sufficient or if there is something else announced privately that I'm missing. thanks According to a message posted to openbsd-misc by Markus Friedl <markus> that's enough: <http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940&w=2> Created attachment 94524 [details]
patch for openssh 3.1 systems like rhl 7.X
patch for openssh 3.1 systems like rhl 7.x - the provided patch from friedl
just needed a little modfication.
I know something like this will be in red hat's errata but can't hurt to add it
here for others.
An errata has been issued which should help the problem described in the above bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2003-279.htm Mark - your link is bad. Error 404. Are you aware that openssh have revised their advisory and released 3.7.1 - it looks like they are fixing the problem in more cases. See bug 104551 for these additional issues. |