Contributed by Dengue on from the proactive-security dept.
Patch02: sshd(8) is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.1 to fix a few problems:
- A security hole that may allow an attacker to partially authenticate if -- and only if -- the administrator has enabled KerberosV.
- By default, OpenSSH KerberosV support only becomes active after KerberosV has been properly configured.
- An excessive memory clearing bug (which we believe to be unexploitable) also exists, but since this may cause daemon crashes, we are providing a patch as well.
- Various other non-critical fixes.

Patch016: A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership.