Subject: pkg/14374: openssh-2.9.9.2 claimed vulnerable
To: None <gnats-bugs@gnats.netbsd.org>
From: Kimmo Suominen <kim@tac.nyc.ny.us>
List: netbsd-bugs
Date: 10/27/2001 10:25:28
>Number: 14374
>Category: pkg
>Synopsis: openssh-2.9.9.2 claimed vulnerable
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Oct 27 07:26:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Kimmo Suominen
>Release: pkgsrc from 2001-10-27
>Organization:
>Environment:
System: NetBSD pit.astron.com 1.5_ALPHA2 NetBSD 1.5_ALPHA2 (SHARK) #0: Mon Sep 11 19:18:38 PDT 2000 matt@sand.local:/other/arm32/kobj/SHARK arm32
>Description:
Upon installing openssh-2.9.9.2 I get the following warning:
===> Registering installation for openssh-2.9.9.2
*** WARNING: This package (openssh-2.9.9.2) has a security vulnerability ***
openssh<2.3.0 weak-authentication http://www.openbsd.org/errata27.html#sshforwarding
openssh<2.3.0 remote-root-shell http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
openssh<2.9p2 remote-file-write http://www.openbsd.org/errata.html#sshcookie
openssh<2.9.9p2 remote-user-access http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=216702&start=2001-09-23&end=2001-09-29
*** WARNING: You are strongly advised to deinstall openssh-2.9.9.2 now ***
>How-To-Repeat:
cd /usr/pkgsrc/security/openssh && make install
>Fix:
Upgrade the package to a secure version?
>Release-Note:
>Audit-Trail:
>Unformatted: