Date: 19 May 2008
References: AA-2007.0074 ESB-2008.0465 AL-2008.0059
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2008.0060 -- AUSCERT ALERT
[Debian]
New openssh packages fix predictable randomness
19 May 2008
===========================================================================
AusCERT Alert Summary
---------------------
Product: openssh
Publisher: Debian
Operating System: Debian GNU/Linux 4.0
Impact: Access Confidential Data
Access: Remote/Unauthenticated
CVE Names: CVE-2008-1483 CVE-2008-0166 CVE-2007-4752
Ref: AL-2008.0059
ESB-2008.0465
AA-2007.0074
Original Bulletin: http://www.debian.org/security/2008/dsa-1576
Comment: This bulletin has been updated as the ssh-vulnkey's output was not
listing all the compromised keys. As a result a new package has been
released.
We are releasing this advisory as an alert as exploits relating
to the openssl vulnerability have now been made public. As stated
by Debian in the original bulletin:
"It is strongly recommended that all cryptographic key material
which has been generated by OpenSSL versions starting with 0.9.8c-1
on Debian systems is recreated from scratch. Furthermore, all DSA
keys ever used on affected Debian systems for signing or
authentication purposes should be considered compromised; the
Digital Signature Algorithm relies on a secret random value used
during signature generation."
Revision History: May 19 2008: New package released to correct an error
in the original package.
May 15 2008: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1576-2 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
May 16, 2008 http://www.debian.org/security/faq
- - ------------------------------------------------------------------------
Package : openssh
Vulnerability : predictable random number generator
Problem type : remote
Debian-specific: yes
CVE Id(s) : CVE-2008-0166
Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with
options (such as "no-port-forwarding" or forced commands) were ignored by
the new ssh-vulnkey tool introduced in openssh 1:4.3p2-9etch1 (see DSA
1576-1). This could cause some compromised keys not to be listed in
ssh-vulnkey's output.
This update also adds more information to ssh-vulnkey's manual page.
For the stable distribution (etch), this problem has been fixed in version
1:4.3p2-9etch2
We recommend that you upgrade your openssh (1:4.3p2-9etch2) package.
Upgrade instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- - -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch2.dsc
Size/MD5 checksum: 1010 7bcad5f65ff1722db7c431d3a25e8578
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz
Size/MD5 checksum: 920186 239fc801443acaffd4c1f111948ee69c
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch2.diff.gz
Size/MD5 checksum: 276621 27984546be5ba87687ae6e7e5df36578
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch2_all.deb
Size/MD5 checksum: 92022 1cd59a62eb401f21421f13a6caf3d509
http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch2_all.deb
Size/MD5 checksum: 1052 b096153814cc8949820d9958f8b81a00
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_alpha.deb
Size/MD5 checksum: 100498 2fa04ed9e0ee9625f28964938cc19b64
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_alpha.deb
Size/MD5 checksum: 782726 0c48b38fc56cdaedb3d4a1eab9ecd25d
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_alpha.udeb
Size/MD5 checksum: 213728 ff4b07cb720fb26210c3a49213737168
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_alpha.deb
Size/MD5 checksum: 266510 113583573c885f7baa40b9a78933c6aa
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_alpha.udeb
Size/MD5 checksum: 198498 6dd01cb3b4fe5cf3726142f429281187
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_amd64.deb
Size/MD5 checksum: 100106 b4dc14aee0a9c94d96e3b392a2dd61e8
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_amd64.deb
Size/MD5 checksum: 711910 dc68b26b2810e7f47e3fa419c262bc07
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_amd64.deb
Size/MD5 checksum: 245522 b02dc226eb5aae330b08429a17f0eef6
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_amd64.udeb
Size/MD5 checksum: 183854 fa96f8d05d380a6053672de0a6bd30c1
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_amd64.udeb
Size/MD5 checksum: 171334 b2eafdc135649523828db8416f22617d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_arm.deb
Size/MD5 checksum: 218980 6065fa1195e74549c7dd66fbe2b41718
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_arm.deb
Size/MD5 checksum: 99668 c6260735e7d50c21e19d01702b4e45bb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_arm.deb
Size/MD5 checksum: 650608 42d8f87667ffd3fdccb26ec5c8d775ac
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_arm.udeb
Size/MD5 checksum: 171666 4bc55e6d06de4f0bda2771ad78770d27
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_arm.udeb
Size/MD5 checksum: 164870 f82b52267f503acfdf3f7ad1b40b0555
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_hppa.udeb
Size/MD5 checksum: 189624 351333a1ca9d92e389b0197ec2cca869
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_hppa.deb
Size/MD5 checksum: 733002 47e84be664670a3ad083d2a3f90c3124
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_hppa.deb
Size/MD5 checksum: 100460 335b7aed705d4b8a1b9f96a5f6f9ec37
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_hppa.udeb
Size/MD5 checksum: 198168 ec7f163eb74e84d4a8605e54715acc6a
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_hppa.deb
Size/MD5 checksum: 249924 7ead727d52913c1ff8630e383f6ea48c
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_i386.deb
Size/MD5 checksum: 223706 68ed0ebd125d47d1406095a818fac0f8
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_i386.udeb
Size/MD5 checksum: 162630 a032adc78b967a09180c480143022e93
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_i386.deb
Size/MD5 checksum: 99688 949ba4673d2a74126a485098f29a6a96
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_i386.deb
Size/MD5 checksum: 659896 b15d0dd5cc67362833a2c7853bdff958
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_i386.udeb
Size/MD5 checksum: 154018 4af4893e4eb970c8b005bfee3a1896d5
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_ia64.udeb
Size/MD5 checksum: 251842 ea30a3806bf73fa5df7c01b291b25660
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_ia64.deb
Size/MD5 checksum: 101364 33209d8caa1a18569e5fdc2c954b0ad9
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_ia64.deb
Size/MD5 checksum: 338254 53fecec5c1b02b797e9caa24fa40590e
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_ia64.udeb
Size/MD5 checksum: 269868 c1e98de9b285610d6a2e98ed3875cf0b
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_ia64.deb
Size/MD5 checksum: 962006 ddc1e2a9de43a804c04b74839b2f3c1a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_mipsel.udeb
Size/MD5 checksum: 192330 c58ce9d9bd8b904ead41b41fd0190d04
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_mipsel.deb
Size/MD5 checksum: 251464 dbc9acc8341bfaf9301e4429b20aa579
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_mipsel.udeb
Size/MD5 checksum: 201534 11ae7501d65bed1bcd555a31633112a6
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_mipsel.deb
Size/MD5 checksum: 99856 0ff3c4ff0b5c891a0772b1e4522252d5
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_mipsel.deb
Size/MD5 checksum: 735142 8913d6adc4df4b33bf8c60f304bc50b1
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_powerpc.udeb
Size/MD5 checksum: 168316 eda08e79a293c684c9371b16ebb6d872
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_powerpc.deb
Size/MD5 checksum: 101170 2df82e0bee254e7f3157965c44a1116b
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_powerpc.deb
Size/MD5 checksum: 700848 167dafdb5c2131fa879934d671bcd0a8
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_powerpc.udeb
Size/MD5 checksum: 173326 341ece3621bf9a865db8a51d6edce165
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_powerpc.deb
Size/MD5 checksum: 237034 c4d121d9e6f7305a96f1ff4bd0cc62cf
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_s390.udeb
Size/MD5 checksum: 188518 994524412f881158e5d3c2f8a9d6398a
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_s390.udeb
Size/MD5 checksum: 196906 ae0a4c8c4056aa4416ba9f74d3e78e5e
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_s390.deb
Size/MD5 checksum: 725718 97047ff8dc9d0d42e59fcc04553861f6
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_s390.deb
Size/MD5 checksum: 100148 b0fc6b7f3af34bbbb9cdae41ecb244a6
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_s390.deb
Size/MD5 checksum: 246770 3dc23f0937021e333a4b0be608df07c3
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch2_sparc.udeb
Size/MD5 checksum: 166704 b39759f84a47b5876fc6fa1d0cd15b83
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch2_sparc.deb
Size/MD5 checksum: 640390 179203ca93933eaa8533b9d5b92bd018
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch2_sparc.deb
Size/MD5 checksum: 99644 3c7bed91286b1d9480a1453e7672242a
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch2_sparc.udeb
Size/MD5 checksum: 158358 5850cbde916ceb8eed29a0c52e2c799c
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch2_sparc.deb
Size/MD5 checksum: 218146 15608f46ef44bcd8f3244dd7fe58de52
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFILbKkYrVLjBFATsMRAqVwAJ9Nna1E7l7uReB/LF003XXq0tqY3ACfWWHs
Tu+altWyFO9ZVdKNrHtH2F8=
=ldSo
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1576-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
May 14, 2008 http://www.debian.org/security/faq
- - ------------------------------------------------------------------------
Package : openssh
Vulnerability : predictable random number generator
Problem type : remote
Debian-specific: yes
CVE Id(s) : CVE-2008-0166
The recently announced vulnerability in Debian's openssl package
(DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result,
all user and host keys generated using broken versions of the openssl
package must be considered untrustworthy, even after the openssl update
has been applied.
1. Install the security updates
This update contains a dependency on the openssl update and will
automatically install a corrected version of the libss0.9.8 package,
and a new package openssh-blacklist.
Once the update is applied, weak user keys will be automatically
rejected where possible (though they cannot be detected in all
cases). If you are using such keys for user authentication, they
will immediately stop working and will need to be replaced (see
step 3).
OpenSSH host keys can be automatically regenerated when the OpenSSH
security update is applied. The update will prompt for confirmation
before taking this step.
2. Update OpenSSH known_hosts files
The regeneration of host keys will cause a warning to be displayed when
connecting to the system using SSH until the host key is updated in the
known_hosts file. The warning will look like this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
In this case, the host key has simply been changed, and you should update
the relevant known_hosts file as indicated in the error message.
It is recommended that you use a trustworthy channel to exchange the
server key. It is found in the file /etc/ssh/ssh_host_rsa_key.pub on
the server; it's fingerprint can be printed using the command:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
In addition to user-specific known_hosts files, there may be a
system-wide known hosts file /etc/ssh/known_hosts. This is file is
used both by the ssh client and by sshd for the hosts.equiv
functionality. This file needs to be updated as well.
3. Check all OpenSSH user keys
The safest course of action is to regenerate all OpenSSH user keys,
except where it can be established to a high degree of certainty that the
key was generated on an unaffected system.
Check whether your key is affected by running the ssh-vulnkey tool, included
in the security update. By default, ssh-vulnkey will check the standard
location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity),
your authorized_keys file (~/.ssh/authorized_keys and
~/.ssh/authorized_keys2), and the system's host keys
(/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).
To check all your own keys, assuming they are in the standard
locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):
ssh-vulnkey
To check all keys on your system:
sudo ssh-vulnkey -a
To check a key in a non-standard location:
ssh-vulnkey /path/to/key
If ssh-vulnkey says "Unknown (no blacklist information)", then it has no
information about whether that key is affected. In this case, you
can examine the modification time (mtime) of the file using "ls -l".
Keys generated before September 2006 are not affected. Keep in mind
that, although unlikely, backup procedures may have changed the file
date back in time (or the system clock may have been incorrectly
set).
If in doubt, generate a new key and remove the old one from any
servers.
4. Regenerate any affected user keys
OpenSSH keys used for user authentication must be manually regenerated,
including those which may have since been transferred to a different system
after being generated.
New keys can be generated using ssh-keygen, e.g.:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host
5. Update authorized_keys files (if necessary)
Once the user keys have been regenerated, the relevant public keys
must be propagated to any authorized_keys files (and authorized_keys2
files, if applicable) on remote systems. Be sure to delete the lines
containing old keys from those files..
In addition to countermeasures to mitigate the randomness vulnerability,
this OpenSSH update fixes several other vulnerabilities:
CVE-2008-1483:
Timo Juhani Lindfors discovered that, when using X11 forwarding, the
SSH client selects an X11 forwarding port without ensuring that it
can be bound on all address families. If the system is configured
with IPv6 (even if it does not have working IPv6 connectivity), this
could allow a local attacker on the remote server to hijack X11
forwarding.
CVE-2007-4752:
Jan Pechanec discovered that ssh fails back to creating a trusted X11
cookie if creating an untrusted cookie fails, potentially exposing
the local display to a malicious remote server when using X11
forwarding.
For the stable distribution (etch), these problems have been fixed in
version 4.3p2-9etch1. Currently, only a subset of all supported
architectures have been built; further updates will be provided when
they become available.
For the unstable distribution (sid) and the testing distribution
(lenny), these problems have been fixed in version 4.7p1-9.
We recommend that you upgrade your openssh packages and take the
measures indicated above.
Upgrade instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- - -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.diff.gz
Size/MD5 checksum: 275168 920f559caa1c8c737b016c08df2bde05
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.tar.gz
Size/MD5 checksum: 3694141 05eec6b473990bff4fc70921b232794b
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.dsc
Size/MD5 checksum: 1074 89930d72e9aff6b344efd35a130e4faa
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.dsc
Size/MD5 checksum: 799 aeaa45e0bfbf7f966e3c7fca9181d99d
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz
Size/MD5 checksum: 920186 239fc801443acaffd4c1f111948ee69c
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1_all.deb
Size/MD5 checksum: 2121928 fa1ba22d98f91f18b326ee1bfd31bcbb
http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch1_all.deb
Size/MD5 checksum: 1060 44ec3f52add1876d7b2c1bd3fa3cdbfd
http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch1_all.deb
Size/MD5 checksum: 92162 9ae37916a6dc269318aff1215b6638cf
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_alpha.udeb
Size/MD5 checksum: 198496 69fe6fc4002ec592e1756cee28ffd85b
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_alpha.deb
Size/MD5 checksum: 782120 e5746f3c12a52f72b75cffee8e1c3a6f
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_alpha.deb
Size/MD5 checksum: 100402 fda20ac6b68a6882534384e6ce4e6efd
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_alpha.udeb
Size/MD5 checksum: 213724 118390296bbf6d6d208d39a07895852e
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_alpha.deb
Size/MD5 checksum: 266518 be53eb9497ea993e0ae7db6a0a4dcd3a
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_amd64.udeb
Size/MD5 checksum: 183848 bd6c4123fe0e72f7565e455b25eb037c
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_amd64.deb
Size/MD5 checksum: 244406 f70bf398d91eb4b8fe27cc5b03548b16
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_amd64.udeb
Size/MD5 checksum: 171512 0b8afcf2b96ad97323152342e83dd3bf
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_amd64.deb
Size/MD5 checksum: 709734 556332c58aeee82628d35ebf71d15ac1
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_amd64.deb
Size/MD5 checksum: 99896 14d2f97314e7b4b6cb97540667d7f544
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_hppa.udeb
Size/MD5 checksum: 189608 5267dec18e00f3e88bd53b3adfe23e62
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_hppa.deb
Size/MD5 checksum: 100438 2ebd2edd75c440c062eaafab5a97b177
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_hppa.deb
Size/MD5 checksum: 250556 1ca2aa080853748ab343381d9f9ffc6b
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_hppa.udeb
Size/MD5 checksum: 198424 d99af9d81fe074f9b16928cae835ce56
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_hppa.deb
Size/MD5 checksum: 733664 e6abc3231e7d274a5a73321ea3761974
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_i386.deb
Size/MD5 checksum: 660432 16f0807e7871c23af0660e529837cb76
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_i386.deb
Size/MD5 checksum: 224178 aaedc883a11ba7273e5ddeb496a3488a
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_i386.deb
Size/MD5 checksum: 100000 fd41f726ff14b7f8ab0dfc1c6b43be2c
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_i386.udeb
Size/MD5 checksum: 162630 f197dbdfe7a92bd4992d8c77c76b4488
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_i386.udeb
Size/MD5 checksum: 154028 5df04dc7c5474b30e515047740bd0c38
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_ia64.udeb
Size/MD5 checksum: 269868 1646034b7db5a862ea17d0d6928900ff
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_ia64.deb
Size/MD5 checksum: 961594 394027253cbaeba863f07e7fee848dcb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_ia64.deb
Size/MD5 checksum: 101280 f3e421145857106615ce19cb05508a7a
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_ia64.udeb
Size/MD5 checksum: 251840 24ba6fd53e10e754845fc4361257d0ff
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_ia64.deb
Size/MD5 checksum: 338256 4ff1206f8f3c618f7bfd406f88b38841
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_powerpc.deb
Size/MD5 checksum: 237040 b50b3e1ac8586eb55a5f06201dd3edf2
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_powerpc.udeb
Size/MD5 checksum: 173322 f1fa458555b787a2b7fc786da7974b91
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_powerpc.deb
Size/MD5 checksum: 700518 fd43ca106400be36545f31b955667e22
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_powerpc.deb
Size/MD5 checksum: 101080 a5005e3e3447f8eb75d99746a2704b8d
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_powerpc.udeb
Size/MD5 checksum: 168320 61848a42ed513d232fceea6eb335e315
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_sparc.deb
Size/MD5 checksum: 218132 ce7a2f44e51c2fe6df31ec567ce65d28
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_sparc.deb
Size/MD5 checksum: 99544 61cd81c98576feea92fb865856311b7d
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_sparc.deb
Size/MD5 checksum: 639770 6085da0b96f1e9ee87abec7206eb7ef8
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_sparc.udeb
Size/MD5 checksum: 166706 99368689bddbc70f98ef5f51aa19051a
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_sparc.udeb
Size/MD5 checksum: 158360 07bf438d8e0d3fd02ff37371ff8645d6
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSCqu4797/wQC1SS+AQIvOgf9H/0Xn/paZyp8CCPPuQKBq162OpDhyaOg
ZFCaOCK2Yv2hNdbPas1EhA2IBGTbmotmKbJcGeyWI9YMwPKY0NxJM8nk/RZ4sL5R
KF+dALOZ+Vh+Dh333tp4ONvQUc50s78MZukCSoZ/z6i7Efr/dKzBN1rvsxcXs23D
rZNI1WYmhZBmCSa10Yv93TeN4D1pN2a1rKgZ+a23DlKmAVQJcWm0TWOiMr4HUbMr
usiEufXC/onF4O3dwVbsV2vOsPI6J4w9yTj1cAuevMDPTUo5ktZCx1PzVDS2wUQV
wUs+HJ25yNHfw39gfseDzkQUYzlMFipIA59+jr2RbUOItWF3mPDU4Q==
=m4ox
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSDDCHih9+71yA2DNAQKXNwP/ZmnSH8KD8rhi/W98YypDvI8CINk+Z3J3
ACRdo2z2cqFLyF3xZ4u3jfathaIFk0AItboT/0ggrAHpd3M6mNMo7xk8HW3MTe75
fyVFE/o22Alys6cUO7ew/hw/ia/ru6LxRJHBmLXmQOMrXiwZlqRBSs2E/6rsHIfS
9jgVe1jvZPg=
=6RFo
-----END PGP SIGNATURE-----
|