______________________________________________________________________________ SuSE Security Announcement Package: openssh (second release) Announcement-ID: SuSE-SA:2003:039 Date: Thursday, Sep 18 2003 20:00 MEST Affected products: 7.2, 7.3, 8.0, 8.1, 8.2 SuSE Linux Database Server, SuSE eMail Server III, 3.1 SuSE Linux Enterprise Server 7, 8 SuSE Linux Firewall on CD/Admin host SuSE Linux Connectivity Server SuSE Linux Office Server SuSE Linux Standard Server 8 Vulnerability Type: potential remote privilege escalation Severity (1-10): 8 SuSE default package: yes Cross References: http://www.openssh.com/txt/buffer.adv CERTVU#333628 http://www.kb.cert.org/vuls/id/333628 CVE CAN-2003-0693 CVE CAN-2003-0695 CVE CAN-2003-0682 Content of this advisory: 1) security vulnerability resolved: openssh problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - mysql 3) standard appendix (further information) ______________________________________________________________________________ -- Ben Rosenberg ---===---===---===--- mailto:ben@whack.org ----- If two men agree on everything, you can be sure that only one of them is doing the thinking.