Slackware 8.1 / 9.0 / current : New OpenSSH packages (SSA:2003-266-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1,
9.0 and -current. This fixes security problems with PAM
authentication. It also includes several code cleanups from Solar
Designer. Slackware is not vulnerable to the PAM problem, and it is
not believed that any of the other code cleanups fix exploitable
security problems, not nevertheless sites may wish to upgrade. These
are some of the more interesting entries from OpenSSH's ChangeLog so
you can be the judge: [buffer.c] protect against double free
#660

zardoz at users.sf.net - markus@cvs.openbsd.org 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c] more buffer allocation
fixes
from Solar Designer
CAN-2003-0682
ok millert@ - (djm) Bug
#676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code

See also :

http://www.nessus.org/u?d0bae0a9

Solution :

Update the affected openssh package.

Risk factor :

High

Family: Slackware Local Security Checks

Nessus Plugin ID: 18728 ()

Bugtraq ID:

CVE ID: