Vine Linux Errata

[ 2008,01,20 ] openssh にセキュリティホール

対象 (Vine Linuxバージョン):

4.1/i386, 4.1/ppc

内容:

sh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. Vine Linux 4.2 ではすでにこの修正は含まれています。

修正ずみパッケージ／ファイル:

[ size ] [ SHA1 checksum ]                        [ file name ]
 1029812 ae06f475a9a6e8bdc03d399e81b9f4ff38a582c6 openssh-4.5p1-0vl1.2.src.rpm

  254193 408408c458d8cd98ec2b8ba40322a6dd60e575a6 openssh-4.5p1-0vl1.2.i386.rpm
   32930 8b0e782dd2a06b96bf46faf5655a690f18fd3d00 openssh-askpass-4.5p1-0vl1.2.i386.rpm
   14805 f3a8cb22b4837626484724e1c1c5c12043404f4a openssh-askpass-gnome-4.5p1-0vl1.2.i386.rpm
  345281 9c671f912516ac2a02200320b940c3d78b23e06e openssh-clients-4.5p1-0vl1.2.i386.rpm
   11974 a8d8e3a897cac8883446e202def63a9f53f4cefa openssh-contrib-4.5p1-0vl1.2.i386.rpm
  203580 cb4f5170cd619f88e46cb8bdba79042e8cda578b openssh-server-4.5p1-0vl1.2.i386.rpm

  271414 881addf4ee6cd51077961184e97f2b51ba80dd4e openssh-4.5p1-0vl1.2.ppc.rpm
   34715 ac28a6618c53311c59a76b769424915dc426b45d openssh-askpass-4.5p1-0vl1.2.ppc.rpm
   16259 54bf9d12207aa548498e70b21ea1d99052aa009b openssh-askpass-gnome-4.5p1-0vl1.2.ppc.rpm
  377039 240146f45c25b09402aa748ecde734d82e0fb4ee openssh-clients-4.5p1-0vl1.2.ppc.rpm
   11924 ab948473967c47263f1cb2fd14b0fc475b3adc1e openssh-contrib-4.5p1-0vl1.2.ppc.rpm
  220074 1199ca8b46d645488146604b913c4c11b44ec74c openssh-server-4.5p1-0vl1.2.ppc.rpm

入手先：

各ミラーサイトの

Vine-4.1/updates/RPMS/i386
Vine-4.1/updates/RPMS/ppc

より入手してください。

関連URL:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
http://www.frsirt.com/english/advisories/2007/3156
http://www.frsirt.com/english/advisories/2007/4084