Debian Update für openssh - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Debian Update für openssh

Secunia Advisory:	SA30249
Herausgegeben:	2008-05-14
Last Update:	2008-05-19

Gefahrenstufe:	Mittelgradig kritisch
Auswirkung:	Sicherheitsumgehung Enthüllung von sensiblen Informationen
Von Wo:	Aus dem Internet
Lösungsstatus:	Hersteller-Patch

OS:	Debian GNU/Linux 4.0 Debian GNU/Linux unstable alias sid


CVE reference:	CVE-2007-4752 (Secunia mirror) CVE-2008-0166 (Secunia mirror) CVE-2008-1483 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beschreibung: Debian hat ein Update für openssh herausgegeben. Dieses behebt eine Sicherheitslücke, die böswillige lokale Benutzer ausnutzen können, um potenziell sensible Informationen zu enthüllen, und ein Sicherheitsproblem, das zu schwachen kryptographischen Schlüsseln führen kann. Weitere Informationen: SA29522 SA30220 Lösung: Verwenden Sie die aktualisierten Pakete und erzeugen Sie alle kryptographischen Schlüssel erneut (beachten Sie das Advisory des Herstellers für weitere Informationen). -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch2.dsc Size/MD5 checksum: 1010 7bcad5f65ff1722db7c431d3a25e8578 http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz Size/MD5 checksum: 920186 239fc801443acaffd4c1f111948ee69c http://security.debian.org/pool/updat.../openssh/openssh_4.3p2-9etch2.diff.gz Size/MD5 checksum: 276621 27984546be5ba87687ae6e7e5df36578 Architecture independent packages: http://security.debian.org/pool/updat...openssh/ssh-krb5_4.3p2-9etch2_all.deb Size/MD5 checksum: 92022 1cd59a62eb401f21421f13a6caf3d509 http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch2_all.deb Size/MD5 checksum: 1052 b096153814cc8949820d9958f8b81a00 alpha architecture (DEC Alpha) http://security.debian.org/pool/updat...-askpass-gnome_4.3p2-9etch2_alpha.deb Size/MD5 checksum: 100498 2fa04ed9e0ee9625f28964938cc19b64 http://security.debian.org/pool/updat...openssh-client_4.3p2-9etch2_alpha.deb Size/MD5 checksum: 782726 0c48b38fc56cdaedb3d4a1eab9ecd25d http://security.debian.org/pool/updat...h-server-udeb_4.3p2-9etch2_alpha.udeb Size/MD5 checksum: 213728 ff4b07cb720fb26210c3a49213737168 http://security.debian.org/pool/updat...openssh-server_4.3p2-9etch2_alpha.deb Size/MD5 checksum: 266510 113583573c885f7baa40b9a78933c6aa http://security.debian.org/pool/updat...h-client-udeb_4.3p2-9etch2_alpha.udeb Size/MD5 checksum: 198498 6dd01cb3b4fe5cf3726142f429281187 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updat...-askpass-gnome_4.3p2-9etch2_amd64.deb Size/MD5 checksum: 100106 b4dc14aee0a9c94d96e3b392a2dd61e8 http://security.debian.org/pool/updat...openssh-client_4.3p2-9etch2_amd64.deb Size/MD5 checksum: 711910 dc68b26b2810e7f47e3fa419c262bc07 http://security.debian.org/pool/updat...openssh-server_4.3p2-9etch2_amd64.deb Size/MD5 checksum: 245522 b02dc226eb5aae330b08429a17f0eef6 http://security.debian.org/pool/updat...h-server-udeb_4.3p2-9etch2_amd64.udeb Size/MD5 checksum: 183854 fa96f8d05d380a6053672de0a6bd30c1 http://security.debian.org/pool/updat...h-client-udeb_4.3p2-9etch2_amd64.udeb Size/MD5 checksum: 171334 b2eafdc135649523828db8416f22617d arm architecture (ARM) http://security.debian.org/pool/updat...h/openssh-server_4.3p2-9etch2_arm.deb Size/MD5 checksum: 218980 6065fa1195e74549c7dd66fbe2b41718 http://security.debian.org/pool/updat...sh-askpass-gnome_4.3p2-9etch2_arm.deb Size/MD5 checksum: 99668 c6260735e7d50c21e19d01702b4e45bb http://security.debian.org/pool/updat...h/openssh-client_4.3p2-9etch2_arm.deb Size/MD5 checksum: 650608 42d8f87667ffd3fdccb26ec5c8d775ac http://security.debian.org/pool/updat...ssh-server-udeb_4.3p2-9etch2_arm.udeb Size/MD5 checksum: 171666 4bc55e6d06de4f0bda2771ad78770d27 http://security.debian.org/pool/updat...ssh-client-udeb_4.3p2-9etch2_arm.udeb Size/MD5 checksum: 164870 f82b52267f503acfdf3f7ad1b40b0555 hppa architecture (HP PA RISC) http://security.debian.org/pool/updat...sh-client-udeb_4.3p2-9etch2_hppa.udeb Size/MD5 checksum: 189624 351333a1ca9d92e389b0197ec2cca869 http://security.debian.org/pool/updat.../openssh-client_4.3p2-9etch2_hppa.deb Size/MD5 checksum: 733002 47e84be664670a3ad083d2a3f90c3124 http://security.debian.org/pool/updat...h-askpass-gnome_4.3p2-9etch2_hppa.deb Size/MD5 checksum: 100460 335b7aed705d4b8a1b9f96a5f6f9ec37 http://security.debian.org/pool/updat...sh-server-udeb_4.3p2-9etch2_hppa.udeb Size/MD5 checksum: 198168 ec7f163eb74e84d4a8605e54715acc6a http://security.debian.org/pool/updat.../openssh-server_4.3p2-9etch2_hppa.deb Size/MD5 checksum: 249924 7ead727d52913c1ff8630e383f6ea48c i386 architecture (Intel ia32) http://security.debian.org/pool/updat.../openssh-server_4.3p2-9etch2_i386.deb Size/MD5 checksum: 223706 68ed0ebd125d47d1406095a818fac0f8 http://security.debian.org/pool/updat...sh-server-udeb_4.3p2-9etch2_i386.udeb Size/MD5 checksum: 162630 a032adc78b967a09180c480143022e93 http://security.debian.org/pool/updat...h-askpass-gnome_4.3p2-9etch2_i386.deb Size/MD5 checksum: 99688 949ba4673d2a74126a485098f29a6a96 http://security.debian.org/pool/updat.../openssh-client_4.3p2-9etch2_i386.deb Size/MD5 checksum: 659896 b15d0dd5cc67362833a2c7853bdff958 http://security.debian.org/pool/updat...sh-client-udeb_4.3p2-9etch2_i386.udeb Size/MD5 checksum: 154018 4af4893e4eb970c8b005bfee3a1896d5 ia64 architecture (Intel ia64) http://security.debian.org/pool/updat...sh-client-udeb_4.3p2-9etch2_ia64.udeb Size/MD5 checksum: 251842 ea30a3806bf73fa5df7c01b291b25660 http://security.debian.org/pool/updat...h-askpass-gnome_4.3p2-9etch2_ia64.deb Size/MD5 checksum: 101364 33209d8caa1a18569e5fdc2c954b0ad9 http://security.debian.org/pool/updat.../openssh-server_4.3p2-9etch2_ia64.deb Size/MD5 checksum: 338254 53fecec5c1b02b797e9caa24fa40590e http://security.debian.org/pool/updat...sh-server-udeb_4.3p2-9etch2_ia64.udeb Size/MD5 checksum: 269868 c1e98de9b285610d6a2e98ed3875cf0b http://security.debian.org/pool/updat.../openssh-client_4.3p2-9etch2_ia64.deb Size/MD5 checksum: 962006 ddc1e2a9de43a804c04b74839b2f3c1a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updat...-client-udeb_4.3p2-9etch2_mipsel.udeb Size/MD5 checksum: 192330 c58ce9d9bd8b904ead41b41fd0190d04 http://security.debian.org/pool/updat...penssh-server_4.3p2-9etch2_mipsel.deb Size/MD5 checksum: 251464 dbc9acc8341bfaf9301e4429b20aa579 http://security.debian.org/pool/updat...-server-udeb_4.3p2-9etch2_mipsel.udeb Size/MD5 checksum: 201534 11ae7501d65bed1bcd555a31633112a6 http://security.debian.org/pool/updat...askpass-gnome_4.3p2-9etch2_mipsel.deb Size/MD5 checksum: 99856 0ff3c4ff0b5c891a0772b1e4522252d5 http://security.debian.org/pool/updat...penssh-client_4.3p2-9etch2_mipsel.deb Size/MD5 checksum: 735142 8913d6adc4df4b33bf8c60f304bc50b1 powerpc architecture (PowerPC) http://security.debian.org/pool/updat...client-udeb_4.3p2-9etch2_powerpc.udeb Size/MD5 checksum: 168316 eda08e79a293c684c9371b16ebb6d872 http://security.debian.org/pool/updat...skpass-gnome_4.3p2-9etch2_powerpc.deb Size/MD5 checksum: 101170 2df82e0bee254e7f3157965c44a1116b http://security.debian.org/pool/updat...enssh-client_4.3p2-9etch2_powerpc.deb Size/MD5 checksum: 700848 167dafdb5c2131fa879934d671bcd0a8 http://security.debian.org/pool/updat...server-udeb_4.3p2-9etch2_powerpc.udeb Size/MD5 checksum: 173326 341ece3621bf9a865db8a51d6edce165 http://security.debian.org/pool/updat...enssh-server_4.3p2-9etch2_powerpc.deb Size/MD5 checksum: 237034 c4d121d9e6f7305a96f1ff4bd0cc62cf s390 architecture (IBM S/390) http://security.debian.org/pool/updat...sh-client-udeb_4.3p2-9etch2_s390.udeb Size/MD5 checksum: 188518 994524412f881158e5d3c2f8a9d6398a http://security.debian.org/pool/updat...sh-server-udeb_4.3p2-9etch2_s390.udeb Size/MD5 checksum: 196906 ae0a4c8c4056aa4416ba9f74d3e78e5e http://security.debian.org/pool/updat.../openssh-client_4.3p2-9etch2_s390.deb Size/MD5 checksum: 725718 97047ff8dc9d0d42e59fcc04553861f6 http://security.debian.org/pool/updat...h-askpass-gnome_4.3p2-9etch2_s390.deb Size/MD5 checksum: 100148 b0fc6b7f3af34bbbb9cdae41ecb244a6 http://security.debian.org/pool/updat.../openssh-server_4.3p2-9etch2_s390.deb Size/MD5 checksum: 246770 3dc23f0937021e333a4b0be608df07c3 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updat...h-server-udeb_4.3p2-9etch2_sparc.udeb Size/MD5 checksum: 166704 b39759f84a47b5876fc6fa1d0cd15b83 http://security.debian.org/pool/updat...openssh-client_4.3p2-9etch2_sparc.deb Size/MD5 checksum: 640390 179203ca93933eaa8533b9d5b92bd018 http://security.debian.org/pool/updat...-askpass-gnome_4.3p2-9etch2_sparc.deb Size/MD5 checksum: 99644 3c7bed91286b1d9480a1453e7672242a http://security.debian.org/pool/updat...h-client-udeb_4.3p2-9etch2_sparc.udeb Size/MD5 checksum: 158358 5850cbde916ceb8eed29a0c52e2c799c http://security.debian.org/pool/updat...openssh-server_4.3p2-9etch2_sparc.deb Size/MD5 checksum: 218146 15608f46ef44bcd8f3244dd7fe58de52 -- Debian GNU/Linux unstable alias sid -- Behoben in Version 4.7p1-9. Änderungen: 2008-05-19: "Lösung" mit neuen Paketinformationen aktualisiert. Das Tool "ssh-vulnkey", eingeführt in openssh Version 1:4.3p2-9etch1, enthält einen Fehler, der dazu führt, dass einige kompromittierte Schlüssel nicht in der Ausgabe von "ssh-vulnkey" aufgelistet werden. "Original Advisory"-Bereich aktualisiert. Original Advisory: http://lists.debian.org/debian-security-announce/2008/msg00153.html http://lists.debian.org/debian-security-announce/2008/msg00155.html Andere Referenzen: SA29522: http://secunia.com/advisories/29522/ SA30220: http://secunia.com/advisories/30220/



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

1204 Related Secunia Security Advisories, displaying 10

1. Debian Update für clamav

2. Debian Update für xulrunner

3. Debian Update für ruby1.8

4. Debian Update für iceweasel

5. Debian Update für libgd2

6. Debian Update für afuse

7. Debian Update für gaim

8. Debian Update für lighttpd

9. Debian Update für iceweasel

10. Debian Update für mysql-dfsg-5.0

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Red Hat update for vsftpd

2.	Red Hat update for rdesktop

3.	Red Hat update for rdesktop

4.	Red Hat update for coreutils

5.	Red Hat update for nss_ldap

6.	Red Hat update for kernel

7.	Red Hat update for mysql

8.	Atom PhotoBlog "photoId" SQL Injection Vulnerability

9.	OpenBSD BIND Query Port DNS Cache Poisoning

10.	Red Hat update for kernel