Date: Wed, 15 Nov 2000 03:54:15 -0600 From: Bryan Paxton <bpaxton@SECURITYPORTAL.COM> Subject: LSLID:20001115 - Kondara - OpenSSH To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM LSLID:20001115 openssh(2000/11/15) Description the "openssh" packages distributed as "Kondara MNU/Linux 1.2 Nonfree" have security hole related X11 forwarding. you should upgrade these packages or clear this problem (See Reference below) RPMS/SRPMS alpha: ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/alpha/openssh-2.3.0p1-4k.alpha.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/alpha/openssh-askpass-2.3.0p1-4k.alpha.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/alpha/openssh-askpass-gnome-2.3.0p1-4k.alpha.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/alpha/openssh-clients-2.3.0p1-4k.alpha.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/alpha/openssh-server-2.3.0p1-4k.alpha.rpm i586: ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/i586/openssh-2.3.0p1-4k.i586.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/i586/openssh-askpass-2.3.0p1-4k.i586.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/i586/openssh-askpass-gnome-2.3.0p1-4k.i586.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/i586/openssh-clients-2.3.0p1-4k.i586.rpm ftp://ftp.jaist.ac.jp/pub/os/linux/kondara/Kondara-1.2/errata/i586/openssh-clients-2.3.0p1-4k.i586.rpm SRPMS: ftp://ftp.jaist.ac.jp/os/linux/kondara/Kondara-1.2/errata/SRPMS/openssh-2.3.0p1-4k.nosrc.rpm References http://lwn.net/daily/openssh-bug.php3