|
|
>> Fedora Security Update Fixes OpenSSH Cookie Handling Security Issue
|
Title : Fedora Security Update Fixes OpenSSH Cookie Handling Security Issue
VUPEN ID : VUPEN/ADV-2007-3515
CVE ID : CVE-2007-3102 - CVE-2007-4752
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-17
|
A vulnerability has been identified in Fedora, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error in OpenSSH. For additional information, see : VUPEN/ADV-2007-3156
Affected Products
Fedora Core 6
Solution
Upgrade the affected packages :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
c4bbdf05c3ec42791b33aed51106634c5ab4ea96 SRPMS/openssh-4.3p2-25.fc6.src.rpm
c4bbdf05c3ec42791b33aed51106634c5ab4ea96 noarch/openssh-4.3p2-25.fc6.src.rpm
eeafee7ed54d6acafc1853a390e05e73c896faf5 ppc/openssh-server-4.3p2-25.fc6.ppc.rpm
e1d4265aacda1e9b44298cb841a7460d12a8dea2 ppc/openssh-4.3p2-25.fc6.ppc.rpm
30a4319536c7c24c231b68724b7c476365da52e8 ppc/debug/openssh-debuginfo-4.3p2-25.fc6.ppc.rpm
3797e42e4517c34f227244650d540200db14e964 ppc/openssh-clients-4.3p2-25.fc6.ppc.rpm
20f99e79df0ba9cfdfb6756906e3ae376eb9c9d0 ppc/openssh-askpass-4.3p2-25.fc6.ppc.rpm
b36310f377ada7282c203cc701d981689fbeebd7 x86_64/openssh-4.3p2-25.fc6.x86_64.rpm
877916362094d3443b4b1847d85015287bd7e134 x86_64/openssh-clients-4.3p2-25.fc6.x86_64.rpm
8243870ab20446d750a309039a98016495d39940 x86_64/openssh-askpass-4.3p2-25.fc6.x86_64.rpm
a16ba2e453efeb80200139da46a8e747253e6241 x86_64/openssh-server-4.3p2-25.fc6.x86_64.rpm
34774711bb4e15f2c34b05fc6750d4179b21667d x86_64/debug/openssh-debuginfo-4.3p2-25.fc6.x86_64.rpm
12d01c6072fc4b00adb901915a10a2f7dbed0ead i386/openssh-askpass-4.3p2-25.fc6.i386.rpm
069c04e6f06ea70f1bd0d92c9716d2787fb7e8c9 i386/debug/openssh-debuginfo-4.3p2-25.fc6.i386.rpm
fffd8e803de28363b6e7f83baab23cde83d8b22f i386/openssh-4.3p2-25.fc6.i386.rpm
315c0f591789bc52146b42dc1b60ee947b2faddb i386/openssh-server-4.3p2-25.fc6.i386.rpm
b517d9b6f741afeb0cab1c75f100292851e8a702 i386/openssh-clients-4.3p2-25.fc6.i386.rpm
References
http://www.vupen.com/english/advisories/2007/3515
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html
ChangeLog
2007-10-17 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
