Slackware 8.1 / 9.0 / current : New OpenSSH packages (SSA:2003-266-01)
High Nessus Plugin ID 18728
SynopsisThe remote Slackware host is missing a security update.
DescriptionUpgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware is not vulnerable to the PAM problem, and it is not believed that any of the other code cleanups fix exploitable security problems, not nevertheless sites may wish to upgrade. These are some of the more interesting entries from OpenSSH's ChangeLog so you can be the judge: [buffer.c] protect against double free; #660;
zardoz at users.sf.net - [email protected] 2003/09/18 08:49:45 [deattack.c misc.c session.c ssh-agent.c] more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok [email protected] - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code
SolutionUpdate the affected openssh package.