Red Hat Bugzilla – Bug 104496
CAN-2003-0693 OpenSSH buffer allocation bug
Last modified: 2014-01-21 17:48:43 EST
A bug has been found in the buffer code in OpenSSH. It is not yet clear if this
could be exploited by an attacker but several possible attack vectors are under
evaluation. A patch from the OpenBSD team is available.
RHSA-2003:279 in progress.
*** Bug 104495 has been marked as a duplicate of this bug. ***
Have y'all patched anything else that was not included in this patch:
Just trying to find out if pushing what I have is sufficient or if there is
something else announced privately that I'm missing.
According to a message posted to openbsd-misc by Markus Friedl
<email@example.com> that's enough:
Created attachment 94524 [details]
patch for openssh 3.1 systems like rhl 7.X
patch for openssh 3.1 systems like rhl 7.x - the provided patch from friedl
just needed a little modfication.
I know something like this will be in red hat's errata but can't hurt to add it
here for others.
An errata has been issued which should help the problem described in the above
This report is therefore being closed with a resolution of ERRATA. For more
on the solution and/or where to find the updated files, please follow the link
You may reopen this bug report if the solution does not work for you.
Mark - your link is bad.
Are you aware that openssh have revised their advisory and released 3.7.1 - it
looks like they are fixing the problem in more cases.
See bug 104551 for these additional issues.