Slackware 8.1 / 9.0 / current : New OpenSSH packages (SSA:2003-266-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote Slackware host is missing a security update.

Description :

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1,
9.0 and -current. This fixes security problems with PAM
authentication. It also includes several code cleanups from Solar
Designer. Slackware is not vulnerable to the PAM problem, and it is
not believed that any of the other code cleanups fix exploitable
security problems, not nevertheless sites may wish to upgrade. These
are some of the more interesting entries from OpenSSH's ChangeLog so
you can be the judge: [buffer.c] protect against double free

zardoz at - 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c] more buffer allocation
from Solar Designer
ok millert@ - (djm) Bug
#676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code

See also :

Solution :

Update the affected openssh package.

Risk factor :


Family: Slackware Local Security Checks

Nessus Plugin ID: 18728 ()

Bugtraq ID: