From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-AU; rv:1.5a) Gecko/20030801 Mozilla Firebird/0.6.1 Description of problem: Buffer managment errors have been discorever in OpenSSH 3.7.0 and below, this has been said to be remotely exploitable. OpenSSH should therefore be upgraded to 3.7.1 in rawhide and no doubt in RedHat Linux 9.0, 8.0, 7.3, 7.2, 7.1. Version-Release number of selected component (if applicable): openssh-3.6.1p2-4 How reproducible: Always Steps to Reproduce: 1.See description 2. 3. Actual Results: See description Expected Results: See description Additional info: http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2 http://slashdot.org/article.pl?sid=03/09/16/1327248&mode=nested&tid=126&tid=172
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c.diff?r1=1.194&r2=1.195&f=h These are the changes that need to be made. This is a very similar fix to yesterday's buffer.c patch which does need to be applied to yesterday's errata.
*** This bug has been marked as a duplicate of 104551 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.