Mandriva 1271 Published by

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:034
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssh
Date : February 6, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A flaw was discovered in the scp local-to-local copy implementation
where filenames that contain shell metacharacters or spaces are
expanded twice, which could lead to the execution of arbitrary
commands if a local user could be tricked into a scp'ing a specially
crafted filename.

The provided updates bump the OpenSSH version to the latest release
version of 4.3p1. A number of differences exist, primarily dealing
with PAM authentication over the version included in Corporate 3.0
and MNF2. In particular, the default sshd_config now only accepts
protocol 2 connections and UsePAM is now disabled by default.

On systems using alternate authentication methods (ie. LDAP) that use
the PAM stack for authentication, you will need to enable UsePAM.
Note that the default /etc/pam.d/sshd file has also been modified to
use the pam_listfile.so module which will deny access to any users
listed in /etc/ssh/denyusers (by default, this is only the root user).
This is required to preserve the expected behaviour when using
"PermitRootLogin without-password"; otherwise it would still be possible
to obtain a login prompt and login without using keys.

Mandriva Linux 10.1 and newer already have these changes in their
shipped versions. There are new features in OpenSSH and users are
encouraged to review the new sshd_config and ssh_config files when
upgrading.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
4f1958566f5258886743a45f22ef1e34 10.1/RPMS/openssh-4.3p1-0.1.101mdk.i586.rpm
f817eb7108f59f33beb454ca6e443229 10.1/RPMS/openssh-askpass-4.3p1-0.1.101mdk.i586.rpm
db84193dba5e3f5c1e225275abe8b641 10.1/RPMS/openssh-askpass-gnome-4.3p1-0.1.101mdk.i586.rpm
a9ce7f968bcff665f647262a2ccd5d75 10.1/RPMS/openssh-clients-4.3p1-0.1.101mdk.i586.rpm
72ca79bc593835e75bf9d8996d4dd900 10.1/RPMS/openssh-server-4.3p1-0.1.101mdk.i586.rpm
33d2f96a7696b009e218ae0b721252f7 10.1/SRPMS/openssh-4.3p1-0.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
4f1030c6ee3a954d2edfc74e33e42ecb x86_64/10.1/RPMS/openssh-4.3p1-0.1.101mdk.x86_64.rpm
d53686d7ede0f71a113cd129b9251b61 x86_64/10.1/RPMS/openssh-askpass-4.3p1-0.1.101mdk.x86_64.rpm
519e7a06bcd2dab1faeea0f890f87b17 x86_64/10.1/RPMS/openssh-askpass-gnome-4.3p1-0.1.101mdk.x86_64.rpm
77bf38dce2398fad97c67527bfecce98 x86_64/10.1/RPMS/openssh-clients-4.3p1-0.1.101mdk.x86_64.rpm
78e6936ccd813adfb65878c9ddf171e3 x86_64/10.1/RPMS/openssh-server-4.3p1-0.1.101mdk.x86_64.rpm
33d2f96a7696b009e218ae0b721252f7 x86_64/10.1/SRPMS/openssh-4.3p1-0.1.101mdk.src.rpm

Mandriva Linux 10.2:
e9d694810e62424f76bbfd8289dde78d 10.2/RPMS/openssh-4.3p1-0.1.102mdk.i586.rpm
f20adbb972331bd47cd7757438d57b04 10.2/RPMS/openssh-askpass-4.3p1-0.1.102mdk.i586.rpm
7f3c599cce33a46f1dc3cee971809cd2 10.2/RPMS/openssh-askpass-gnome-4.3p1-0.1.102mdk.i586.rpm
cab8ee8878caa0be59a9fce2436ca108 10.2/RPMS/openssh-clients-4.3p1-0.1.102mdk.i586.rpm
89b36beb1e7efc313f7a7072e93f4fa8 10.2/RPMS/openssh-server-4.3p1-0.1.102mdk.i586.rpm
59d044910a86509f132504e08c8c6ca3 10.2/SRPMS/openssh-4.3p1-0.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
0c78958b6a0c0a2dede35971d1aade4f x86_64/10.2/RPMS/openssh-4.3p1-0.1.102mdk.x86_64.rpm
b010db3117a2af7f0ffa2782065fec64 x86_64/10.2/RPMS/openssh-askpass-4.3p1-0.1.102mdk.x86_64.rpm
41b6f95151ca2c26ff9011e1b37e227f x86_64/10.2/RPMS/openssh-askpass-gnome-4.3p1-0.1.102mdk.x86_64.rpm
2bdb612317f7711a79bec1f66ed400b6 x86_64/10.2/RPMS/openssh-clients-4.3p1-0.1.102mdk.x86_64.rpm
3430540fb77be153a105c624dc8d1ffb x86_64/10.2/RPMS/openssh-server-4.3p1-0.1.102mdk.x86_64.rpm
59d044910a86509f132504e08c8c6ca3 x86_64/10.2/SRPMS/openssh-4.3p1-0.1.102mdk.src.rpm

Mandriva Linux 2006.0:
c14c845b293b5de9eef2fd38fa664cf0 2006.0/RPMS/openssh-4.3p1-0.1.20060mdk.i586.rpm
b4e9bce08d4cb9fd6ea58bfb22582322 2006.0/RPMS/openssh-askpass-4.3p1-0.1.20060mdk.i586.rpm
f3b06a0f7582893da708eb731f20ddfc 2006.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.20060mdk.i586.rpm
56b7d3d829cfbadc16727b4cd70435f5 2006.0/RPMS/openssh-clients-4.3p1-0.1.20060mdk.i586.rpm
a39dcb6136735a992de272af885b969d 2006.0/RPMS/openssh-server-4.3p1-0.1.20060mdk.i586.rpm
a10d5c3b02ded996721063187635f15a 2006.0/SRPMS/openssh-4.3p1-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
dbb50e2feb0dacec89f455830307c91a x86_64/2006.0/RPMS/openssh-4.3p1-0.1.20060mdk.x86_64.rpm
9e85c473bbde1843ebb6c9c1c6500540 x86_64/2006.0/RPMS/openssh-askpass-4.3p1-0.1.20060mdk.x86_64.rpm
5d9900f6f1daa7a2a9f27579f9605eba x86_64/2006.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.20060mdk.x86_64.rpm
2c77e52059848c5e83a3e55c4474edfc x86_64/2006.0/RPMS/openssh-clients-4.3p1-0.1.20060mdk.x86_64.rpm
031bcfc66f716724bfbcca9c95959757 x86_64/2006.0/RPMS/openssh-server-4.3p1-0.1.20060mdk.x86_64.rpm
a10d5c3b02ded996721063187635f15a x86_64/2006.0/SRPMS/openssh-4.3p1-0.1.20060mdk.src.rpm

Corporate 3.0:
546cd58b29300de4500804cff32af1a7 corporate/3.0/RPMS/openssh-4.3p1-0.1.C30mdk.i586.rpm
095a74722e96addb091b5cfba0c21dbe corporate/3.0/RPMS/openssh-askpass-4.3p1-0.1.C30mdk.i586.rpm
1bab5ca1b302bfe34f797e869915f3ca corporate/3.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.C30mdk.i586.rpm
89e4dce7994c4689b38e215e952a730a corporate/3.0/RPMS/openssh-clients-4.3p1-0.1.C30mdk.i586.rpm
10292199734d88055ace14e2c8e3599e corporate/3.0/RPMS/openssh-server-4.3p1-0.1.C30mdk.i586.rpm
9ce440e371ba9b2d0363d49176ae5648 corporate/3.0/SRPMS/openssh-4.3p1-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
82c9e80e32db96a4ff26a4292b559176 x86_64/corporate/3.0/RPMS/openssh-4.3p1-0.1.C30mdk.x86_64.rpm
b9bbe12e01d44953d6c86cd3a9f65af6 x86_64/corporate/3.0/RPMS/openssh-askpass-4.3p1-0.1.C30mdk.x86_64.rpm
5870347a3396863c94d87368cd819934 x86_64/corporate/3.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.C30mdk.x86_64.rpm
d5ea4c7e2595f4ba547b3764d76cdee3 x86_64/corporate/3.0/RPMS/openssh-clients-4.3p1-0.1.C30mdk.x86_64.rpm
dd16b1d8f78ad1d048b3cb5e1f30a80d x86_64/corporate/3.0/RPMS/openssh-server-4.3p1-0.1.C30mdk.x86_64.rpm
9ce440e371ba9b2d0363d49176ae5648 x86_64/corporate/3.0/SRPMS/openssh-4.3p1-0.1.C30mdk.src.rpm

Multi Network Firewall 2.0:
43cee91113a305f010918b320147452c mnf/2.0/RPMS/openssh-4.3p1-0.1.M20mdk.i586.rpm
26ea50f3c198a9a4be7935c67fd853a6 mnf/2.0/RPMS/openssh-askpass-4.3p1-0.1.M20mdk.i586.rpm
97be92c62eccef50269d25d92b0297c1 mnf/2.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.M20mdk.i586.rpm
8d733406cf0897e6206fdfeb0b18e7f9 mnf/2.0/RPMS/openssh-clients-4.3p1-0.1.M20mdk.i586.rpm
91b5423db76153e8aa26429057ef663d mnf/2.0/RPMS/openssh-server-4.3p1-0.1.M20mdk.i586.rpm
8a7c07cd3738c99742c00480232acd10 mnf/2.0/SRPMS/openssh-4.3p1-0.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD55+rmqjQ0CJFipgRAvjDAKDSwcW4klS43hTGIN9dJpcywA58/wCg4AgD
hCKX9/LjcxuBh2QQZ4w8+sw=
=2iXx
-----END PGP SIGNATURE-----