Slackware 8.1 / 9.0 / current : New OpenSSH packages (SSA:2003-266-01)

High Nessus Plugin ID 18728


The remote Slackware host is missing a security update.


Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware is not vulnerable to the PAM problem, and it is not believed that any of the other code cleanups fix exploitable security problems, not nevertheless sites may wish to upgrade. These are some of the more interesting entries from OpenSSH's ChangeLog so you can be the judge: [buffer.c] protect against double free; #660;
zardoz at - [email protected] 2003/09/18 08:49:45 [deattack.c misc.c session.c ssh-agent.c] more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok [email protected] - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code


Update the affected openssh package.

See Also

Plugin Details

Severity: High

ID: 18728

File Name: Slackware_SSA_2003-266-01.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2005/07/13

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:openssh, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 2003/09/24

Vulnerability Publication Date: 2003/09/16

Reference Information

OSVDB: 6601

SSA: 2003-266-01