MDKSA-2001:033-1

Package name

openssh

Date

2001-03-23

Advisory ID

MDKSA-2001:033-1

Affected versions

7.0 i586 , 7.1 i586

Problem description

There are several weaknesses in various implementations of the SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su. Versions of OpenSSH 2.5.2 and later have been fixed to reduce the impact of these traffic analysis problems, and as such all Linux- Mandrake users are encouraged to upgrade their version of openssh immediately. Update: In some cases, openssh would disallow logins under Linux-Mandrake 7.0 and 7.1. As well, dependency problems have been corrected for 7.0/7.1.

Updated packages

7.0 i586

 3f12180d28180dcad35f9c1f7f3b985b  7.0/RPMS/openssh-2.5.2p2-1.6mdk.i586.rpm
3723def831bf7871f4300d2e849a49f7  7.0/RPMS/openssh-askpass-2.5.2p2-1.6mdk.i586.rpm
9004c76d523cbd47f70fa6116a1d1b77  7.0/RPMS/openssh-askpass-gnome-2.5.2p2-1.6mdk.i586.rpm
fa59d3267cd0600f85e91cf007fb826c  7.0/RPMS/openssh-clients-2.5.2p2-1.6mdk.i586.rpm
d8ab21a2a755b94bf4ad6c48bcef2048  7.0/RPMS/openssh-server-2.5.2p2-1.6mdk.i586.rpm
b9a433c6cfd4cf1e3dea4305dbe261f6  7.0/SRPMS/openssh-2.5.2p2-1.6mdk.src.rpm

7.1 i586

 cd03e78ddfc4f9659221b22a37900106  7.1/RPMS/openssh-2.5.2p2-1.5mdk.i586.rpm
f697fce31de44dcfca614161846b5bc4  7.1/RPMS/openssh-askpass-2.5.2p2-1.5mdk.i586.rpm
6f59f101b90721066a961e293112ebe8  7.1/RPMS/openssh-askpass-gnome-2.5.2p2-1.5mdk.i586.rpm
971da9017a8b41e06f2025fc96ad6e9b  7.1/RPMS/openssh-clients-2.5.2p2-1.5mdk.i586.rpm
24796dc6a9b495fa9577073e1bc97206  7.1/RPMS/openssh-server-2.5.2p2-1.5mdk.i586.rpm
106186d5279ad127cae314ffb37bda05  7.1/SRPMS/openssh-2.5.2p2-1.5mdk.src.rpm