Trustix Secure Linux Security Advisory #2006-0054: Multiple vulnerabilities in openssh and openssl.
7d7fccf68d4f98ce4b1d6f727cef7189498e02814248bb5a5085d6f58e0dc3bd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0054
Package names: openssh, openssl
Summary: Multiple vulnerabilities
Date: 2006-09-29
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
openssh
Ssh (Secure Shell) is a program for logging into a remote machine and
for executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
openssl
A C library that provides various crytographic algorithms and
protocols, including DES, RC4, RSA, and SSL. Includes shared libraries.
Problem description:
openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Tavis Ormandy of Google Security Team has reported a
vulnerability in OpenSSH, which can be exploited by malicious people
to cause a DoS. If ssh protocol 1 is enabled, this can be exploited
to cause a DoS due to CPU consumption by sending specially crafted
ssh packets.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-4924 to this issue.
openssl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Dr. S. N. Henson has discovered vulnerabilities in
OpenSSL which could be exploited by attackers to cause denial of
service.
- During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory.
- Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack.
- Tavis Ormandy and Will Drewry of the Google Security Team has
discovered the following two vulnerabilities in OpenSSL :
- Fix buffer overflow in SSL_get_shared_ciphers() utility function
which could allow an attacker to send a list of ciphers to an
application that uses it and overrun a buffer.
- A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a
malicious server, that server could cause the client to crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738
and CVE-2006-4343 to these issues.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:https://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:https://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:https://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:https://www.trustix.org/errata/trustix-2.2/> and
<URI:https://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:https://www.trustix.org/errata/2006/0054/>
MD5sums of the packages:
- --------------------------------------------------------------------------
a5faf9779658846330be8773282dee9a 3.0/rpms/openssh-4.4p1-1tr.i586.rpm
ea107d839fe1fd92a95cc36617f867d1 3.0/rpms/openssh-clients-4.4p1-1tr.i586.rpm
eb6af35b4723fdf43e4a5d503fb81eac 3.0/rpms/openssh-server-4.4p1-1tr.i586.rpm
67b5e440f4084a4b13c7d09616825c28 3.0/rpms/openssh-server-config-4.4p1-1tr.i586.rpm
95b5a4684f0a369b0608fd8cc1498689 3.0/rpms/openssl-0.9.7l-1tr.i586.rpm
4c91ef39f6e6fcf4c5f6a115ed303dc6 3.0/rpms/openssl-devel-0.9.7l-1tr.i586.rpm
4fa743c599b1360261331fbc5ac952fb 3.0/rpms/openssl-support-0.9.7l-1tr.i586.rpm
d015c23204973ef4faf7a2eda3b7cb18 2.2/rpms/openssh-4.4p1-1tr.i586.rpm
99a628780c247c3e41b3935bf00191d8 2.2/rpms/openssh-clients-4.4p1-1tr.i586.rpm
c5edde90178f272bc02eff144e5b09e7 2.2/rpms/openssh-server-4.4p1-1tr.i586.rpm
d3e5fe47d1b5f029759e91b7a546418a 2.2/rpms/openssh-server-config-4.4p1-1tr.i586.rpm
6dae40c79d72bb1ea9cd6070fcb23406 2.2/rpms/openssl-0.9.7e-8tr.i586.rpm
5bf290097a23b03d6722bd0f87ce521f 2.2/rpms/openssl-devel-0.9.7e-8tr.i586.rpm
1c2549f24bad413591c1c641191f4596 2.2/rpms/openssl-python-0.9.7e-8tr.i586.rpm
564b7888352bd078a0cfa6e7705b9b24 2.2/rpms/openssl-support-0.9.7e-8tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFFHUSli8CEzsK9IksRAueFAKCvfIGrWzJqdsHdR+oTYN+nhhcX7gCdGpsE
LkKjQ1DQlE/No6E4xt5rFLY=
=hhoM
-----END PGP SIGNATURE-----