RedHat 安全公告:OpenSSH 软件包升级公告

pgtm_love

RedHat 安全公告:OpenSSH 软件包升级公告(转)


  涉及程序：
OpenSSH  
  
描述：
RedHat 安全公告:OpenSSH 软件包升级公告
  
详细：
RedHat 发布安全公告，指出 OpenSSH daemon(sshd) 3.1 以前的所有版本发现
一个 off-by-one error，可能允许经过验证的使用者在远程 server 上执行任
意指令，或者设计一个恶意的 SSH server 攻击受影响的 OpenSSH client。

Redhat 建议使用者更新至包含 OpenSSH 3.1 的套件。

CVE 给予此弱点编号 CAN-2002-0083。

影响平台
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
解决方案：

升级 OpenSSH 软件包

rpm -Fvh [filenames]

[filenames] 代表你要用来更新的 RPMs。只有目前有安装的 RPMs 才可更新，
那些没有安
装过但是包含在 filenames 内的 RPMs 将不会被更新。注意，如果你目前所在
目录下只包
含想要的RPMs，你也可以使用万用字符(*.rpm)请注意，你也可以由Red Hat
Network 取得
更新，有各种更新的方式，要使用 Red Hat Network，可由以下指令激活 Red
Hat Update
Agent:

up2date

这将激活一个互动的程序将您系统上适当的RPMs升级。

RPMs 需求：
Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssh-3.1p1-1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/ ... h-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.0/en/ ... ients-3.1p1-1.alpha
.rpm
ftp://updates.redhat.com/7.0/en/ ... rver-3.1p1-1.alpha.
rpm
ftp://updates.redhat.com/7.0/en/ ... kpass-3.1p1-1.alpha
.rpm
ftp://updates.redhat.com/7.0/en/ ... kpass-gnome-3.1p1-1
.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/openssh-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.0/en/ ... ents-3.1p1-1.i386.r
pm
ftp://updates.redhat.com/7.0/en/ ... ver-3.1p1-1.i386.rp
m
ftp://updates.redhat.com/7.0/en/ ... pass-3.1p1-1.i386.r
pm
ftp://updates.redhat.com/7.0/en/ ... pass-gnome-3.1p1-1.
i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssh-3.1p1-1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/ ... h-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.1/en/ ... ients-3.1p1-1.alpha
.rpm
ftp://updates.redhat.com/7.1/en/ ... rver-3.1p1-1.alpha.
rpm
ftp://updates.redhat.com/7.1/en/ ... kpass-3.1p1-1.alpha
.rpm
ftp://updates.redhat.com/7.1/en/ ... kpass-gnome-3.1p1-1
.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/openssh-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.1/en/ ... ents-3.1p1-1.i386.r
pm
ftp://updates.redhat.com/7.1/en/ ... ver-3.1p1-1.i386.rp
m
ftp://updates.redhat.com/7.1/en/ ... pass-3.1p1-1.i386.r
pm
ftp://updates.redhat.com/7.1/en/ ... pass-gnome-3.1p1-1.
i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/openssh-3.1p1-1.ia64.rpm
ftp://updates.redhat.com/7.1/en/ ... ents-3.1p1-1.ia64.r
pm
ftp://updates.redhat.com/7.1/en/ ... ver-3.1p1-1.ia64.rp
m
ftp://updates.redhat.com/7.1/en/ ... pass-3.1p1-1.ia64.r
pm
ftp://updates.redhat.com/7.1/en/ ... pass-gnome-3.1p1-1.
ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssh-3.1p1-2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/openssh-3.1p1-2.i386.rpm
ftp://updates.redhat.com/7.2/en/ ... ents-3.1p1-2.i386.r
pm
ftp://updates.redhat.com/7.2/en/ ... ver-3.1p1-2.i386.rp
m
ftp://updates.redhat.com/7.2/en/ ... pass-3.1p1-2.i386.r
pm
ftp://updates.redhat.com/7.2/en/ ... pass-gnome-3.1p1-2.
i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-3.1p1-2.ia64.rpm
ftp://updates.redhat.com/7.2/en/ ... ents-3.1p1-2.ia64.r
pm
ftp://updates.redhat.com/7.2/en/ ... ver-3.1p1-2.ia64.rp
m
ftp://updates.redhat.com/7.2/en/ ... pass-3.1p1-2.ia64.r
pm
ftp://updates.redhat.com/7.2/en/ ... pass-gnome-3.1p1-2.
ia64.rpm
验证：
MD5 sum                 Package Name
-
----------------------------------------------------------------------
----
26d50a9b0c36fb1dc58247fbf0e413af
7.0/en/os/SRPMS/openssh-3.1p1-1.src.rpm
54de9c01ad5fe21e228d0b4d48581e62
7.0/en/os/alpha/openssh-3.1p1-1.alpha.rpm
9ceeff94d7f2bc34dbbaf8c36012eb3a
7.0/en/os/alpha/openssh-askpass-3.1p1-1.alpha.rpm
1d9ec549531b3c53221d522ab305af42
7.0/en/os/alpha/openssh-askpass-gnome-3.1p1-1.alpha.rpm
b1ea5c7c6b0de2887b09848138c21e9b
7.0/en/os/alpha/openssh-clients-3.1p1-1.alpha.rpm
41b8b1cbf4842b1f2075155fa8f65b72
7.0/en/os/alpha/openssh-server-3.1p1-1.alpha.rpm
e250bc4f15b417d23cee868030e576a3
7.0/en/os/i386/openssh-3.1p1-1.i386.rpm
84076eb5a5b79c42314c2b904ad1b3a7
7.0/en/os/i386/openssh-askpass-3.1p1-1.i386.rpm
57428dc06c9dfa3447038c59cc179ff2
7.0/en/os/i386/openssh-askpass-gnome-3.1p1-1.i386.rpm
497cfa67d62ebd7b8b97dddf0267309c
7.0/en/os/i386/openssh-clients-3.1p1-1.i386.rpm
9aef89c9b5e5ca5b463789d8ff245d7f
7.0/en/os/i386/openssh-server-3.1p1-1.i386.rpm
26d50a9b0c36fb1dc58247fbf0e413af
7.1/en/os/SRPMS/openssh-3.1p1-1.src.rpm
54de9c01ad5fe21e228d0b4d48581e62
7.1/en/os/alpha/openssh-3.1p1-1.alpha.rpm
9ceeff94d7f2bc34dbbaf8c36012eb3a
7.1/en/os/alpha/openssh-askpass-3.1p1-1.alpha.rpm
1d9ec549531b3c53221d522ab305af42
7.1/en/os/alpha/openssh-askpass-gnome-3.1p1-1.alpha.rpm
b1ea5c7c6b0de2887b09848138c21e9b
7.1/en/os/alpha/openssh-clients-3.1p1-1.alpha.rpm
41b8b1cbf4842b1f2075155fa8f65b72
7.1/en/os/alpha/openssh-server-3.1p1-1.alpha.rpm
e250bc4f15b417d23cee868030e576a3
7.1/en/os/i386/openssh-3.1p1-1.i386.rpm
84076eb5a5b79c42314c2b904ad1b3a7
7.1/en/os/i386/openssh-askpass-3.1p1-1.i386.rpm
57428dc06c9dfa3447038c59cc179ff2
7.1/en/os/i386/openssh-askpass-gnome-3.1p1-1.i386.rpm
497cfa67d62ebd7b8b97dddf0267309c
7.1/en/os/i386/openssh-clients-3.1p1-1.i386.rpm
9aef89c9b5e5ca5b463789d8ff245d7f
7.1/en/os/i386/openssh-server-3.1p1-1.i386.rpm
f0d343b01c91bb5b99a1c84992e0fdca
7.1/en/os/ia64/openssh-3.1p1-1.ia64.rpm
1de814f44f07bef9a95d1802c507c79f
7.1/en/os/ia64/openssh-askpass-3.1p1-1.ia64.rpm
b01087dc75468ad5a79492bcd83a269e
7.1/en/os/ia64/openssh-askpass-gnome-3.1p1-1.ia64.rpm
25a34e33830ada8c24b71934cdb246ef

7.1/en/os/ia64/openssh-clients-3.1p1-1.ia64.rpm
3c2ef228fc7e4d8a1b94a5600ace8912
7.1/en/os/ia64/openssh-server-3.1p1-1.ia64.rpm
f90c4686944897e87b15be09626ff4dc
7.2/en/os/SRPMS/openssh-3.1p1-2.src.rpm
f8c46c51f3bd74a8437a7fb1f0b15502
7.2/en/os/i386/openssh-3.1p1-2.i386.rpm
ef80fbb8b75ed3ff627c2fe060fc5165
7.2/en/os/i386/openssh-askpass-3.1p1-2.i386.rpm
7b2a01eff4dcf0601ff4b54becb949d6
7.2/en/os/i386/openssh-askpass-gnome-3.1p1-2.i386.rpm
1d2528e9f4af919f730423b7bb7a815d
7.2/en/os/i386/openssh-clients-3.1p1-2.i386.rpm
7b65f56a9044dad10f02f444774a9b32
7.2/en/os/i386/openssh-server-3.1p1-2.i386.rpm
343c66f5608e3fd48d5c3b12b66096fa
7.2/en/os/ia64/openssh-3.1p1-2.ia64.rpm
04c1c42e644d9470c41138ffed684628
7.2/en/os/ia64/openssh-askpass-3.1p1-2.ia64.rpm
72aef4e9c4f0213ca371d205830cb05e
7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-2.ia64.rpm
c07001458b48ba0dbb2e960db9b93eb9
7.2/en/os/ia64/openssh-clients-3.1p1-2.ia64.rpm
700054c98ffbec257d4c1b12b02a9867
7.2/en/os/ia64/openssh-server-3.1p1-2.ia64.rpm

这些套件基于安全理由，均由 Red Hat 公司使用 GPG 签章，可至下列网址取得
key：
http://www.redhat.com/about/contact.html
你可以用以下指令来进行验证:
rpm --checksig

如果你只想验证软件没有被更改或者损坏的话，可用以下指令检查md5sum：
rpm --checksig --nogpg