[SELUG] OpenSSH
nils
nils at eircom.net
Wed Sep 17 15:54:24 IST 2003
howdy all
quote from main Ilug list
>
> More detail (from FreeBSD-announce, don't know how relevant to Linux):
>
> II. Problem Description
>
> When a packet is received that is larger than the space remaining in the
> currently allocated buffer, OpenSSH's buffer management attempts to
> reallocate a larger buffer. During this process, the recorded size of the
> buffer is increased. The new size is then range checked. If the range
> check fails, then fatal() is called to cleanup and exit. In some cases the
> cleanup code will attempt to zero and free the buffer that just had its
> recorded size (but not actual allocation) increased. As a result, memory
> outside of the allocated buffer will be overwritten with NUL bytes.
>
> III. Impact
>
> A remote attacker can cause OpenSSH to crash. The bug is not believed to
> be exploitable for code execution on FreeBSD.
>
> (From FreeBSD-SA-03:12)
So update your OpenSSH server, now!
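
The ordering problem described in the quoted advisory, as an added example that is not part of the original post and is not OpenSSH's code. It is a small model: the `Buffer` struct, the function names and the `BUF_MAX`/`SLACK` constants are constructed for illustration, and the overrun is computed rather than written to memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF_MAX 0xa00000u  /* constructed upper bound for this model */
#define SLACK   32768u     /* constructed extra headroom per grow */

typedef struct {
    unsigned char *buf;
    size_t alloc;  /* recorded size, what cleanup trusts */
    size_t real;   /* bytes really allocated (tracking for this demo only) */
} Buffer;

/* Ordering from the advisory: record the new size, then range-check it. */
static int grow_size_first(Buffer *b, size_t len) {
    b->alloc += len + SLACK;
    /* fatal() path: alloc is already inflated, buf was never resized */
    if (b->alloc > BUF_MAX) return -1;
    unsigned char *p = realloc(b->buf, b->alloc);
    if (!p) return -1;
    b->buf = p; b->real = b->alloc;
    return 0;
}

/* Corrected ordering: check a local value, commit only after realloc. */
static int grow_check_first(Buffer *b, size_t len) {
    size_t newlen = b->alloc + len + SLACK;
    if (newlen > BUF_MAX) return -1;
    unsigned char *p = realloc(b->buf, newlen);
    if (!p) return -1;
    b->buf = p; b->alloc = b->real = newlen;
    return 0;
}

/* Bytes a "zero alloc bytes, then free" cleanup would write out of bounds. */
static size_t cleanup_overrun(int (*grow)(Buffer *, size_t), size_t len) {
    Buffer b = { malloc(4096), 4096, 4096 };
    if (!b.buf) return (size_t)-1;
    size_t over = 0;
    if (grow(&b, len) != 0 && b.alloc > b.real)
        over = b.alloc - b.real;
    memset(b.buf, 0, b.real);  /* safe cleanup bounded by the real size */
    free(b.buf);
    return over;
}

int main(void) {
    printf("size-first:  %zu\n", cleanup_overrun(grow_size_first, BUF_MAX));
    printf("check-first: %zu\n", cleanup_overrun(grow_check_first, BUF_MAX));
    return 0;
}
```

A nonzero result for the size-first version is the number of NUL bytes the cleanup path would write outside the allocation; the check-first version leaves the recorded size equal to the real one on failure.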