similar to: [alambert@quickfire.org: Heads up -- potential problems in 3.7, too? [Fwd: OpenSSH Security Advisory: buffer.adv]]

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

Hello, I am having a problem with a new server running FreeBSD 4.9-PRERELEASE. Once every two days or so, it reboots itself.. there is no exact time of the day it reboots.. It rebooted itself at 4:25 PM EDT on 9/25, and 3:05 AM EDT on 9/29 (today). I thought it's the bad memory or some sort, so I've been running memtest today and memtest reports no sign of trouble with the memory...

As before, it is described on our website. This should apply fairly cleanly to both portable and openbsd ssh. http://www.psc.edu/networking/hpn-ssh/ Only in openssh-3.8.1p1-dynwindow: Makefile diff -u openssh-3.8.1p1/buffer.c openssh-3.8.1p1-dynwindow/buffer.c --- openssh-3.8.1p1/buffer.c 2003-11-21 07:56:47.000000000 -0500 +++ openssh-3.8.1p1-dynwindow/buffer.c 2004-07-12 07:49:29.000000000

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and

We have developed a patch that enables changing the SSH window size using the tcp window size as the source. This allows SSH to obtain maximum use of the bandwidth on high BDP links. We also have a page that describes the changes and performance. http://www.psc.edu/~rapier/hpn-ssh/ The patch against CVS is included here. Common subdirectories: src/usr.bin/ssh/CVS and ssh/CVS diff -u

Commit-ID: cf9ea962f1fb310a92efd184f14df2c04b30f75a Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=cf9ea962f1fb310a92efd184f14df2c04b30f75a Author: Jim Meyering <meyering at redhat.com> AuthorDate: Fri, 8 Jul 2011 16:12:20 +0800 Committer: maximilian attems <max at stro.at> CommitDate: Mon, 2 Jul 2012 10:44:23 +0200 [klibc] [MEMALLOC] Avoid gcc warning:

Commit-ID: 21ceb151c758eb2384962b9ee8abc33b5bd674e9 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=21ceb151c758eb2384962b9ee8abc33b5bd674e9 Author: Herbert Xu <herbert at gondor.apana.org.au> AuthorDate: Thu, 31 May 2018 01:51:48 +0800 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 28 Mar 2020 21:42:55 +0000 [klibc] dash: memalloc: Avoid

I've done a bit more investigation into this issue. Here is my current understanding of the situation: 1. I have a package on CRAN (corpus-0.3.1) that passes tests on all platforms except for Linux. 2. My package defines a C function, "xrealloc", for internal use. 3. The libreadline library that R links to defines a different version of "xrealloc". 4. On Linux, when I

This affects only 3.7p1 and 3.7.1p1. The advice to leave PAM disabled is far from heartening, nor is the semi-lame blaming the PAM spec for implementation bugs. I happen to like OPIE for remote access. Subject: Portable OpenSSH Security Advisory: sshpam.adv This document can be found at: http://www.openssh.com/txt/sshpam.adv 1. Versions affected: Portable OpenSSH versions 3.7p1

Hi, I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here. Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed: --- channels_old.c?? ?Mon Mar? 4 02:07:06 2002 +++ channels.c?? ?Mon Mar? 4 02:07:16 2002 @@ -151,7 +151,7 @@ ?channel_lookup(int id) ?{ ??? ?Channel *c; -??

I have a package on CRAN now (corpus-0.3.1) that is currently failing tests on Linux, but passing on all other architectures: https://cran.r-project.org/web/checks/check_results_corpus.html I believe that the issue arrises from a namespace class between "xrealloc", which my package provides for internal use, but which R also seems to provide (possibly as part of TRE in

Recent proftpd security vulnerability release FYI. Ports has latest patched proftpd distribution. -- Jez http://www.munk.nu/ -------------- next part -------------- An embedded message was scrubbed... From: Dave Ahmad <da@securityfocus.com> Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT) Size: 4588 Url:

On 11 May 2017 at 12:16, Patrick Perry wrote: | I've done a bit more investigation into this issue. Here is my current | understanding of the situation: | | 1. I have a package on CRAN (corpus-0.3.1) that passes tests on all | platforms except for Linux. | 2. My package defines a C function, "xrealloc", for internal use. | 3. The libreadline library that R links to defines a

Commit-ID: 1df4e2a6786b049decbc6ab1683108da86479891 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=1df4e2a6786b049decbc6ab1683108da86479891 Author: Herbert Xu <herbert at gondor.apana.org.au> AuthorDate: Sat, 19 May 2018 02:39:46 +0800 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 28 Mar 2020 21:42:55 +0000 [klibc] dash: memalloc: Add

Hi all, I recently ran into some problems with rsync. My plan is to renew some of our old administration concepts from early 90's, I already replaced rdist with rsync a few years ago. Because of the rdist legacy, the current method requires synchronizing files into 6 different locations, {/alt,/usr/alt}/{hostdep,sysdep,hutdep}, which in turn are prioritized by a tool that just symlinks

Has anyone around here heard of this ? ---Mike >Subject: Re: [Full-Disclosure] new ssh exploit? >From: christopher neitzert <chris@neitzert.com> >Reply-To: chris@neitzert.com >To: full-disclosure@lists.netsys.com >X-Mailer: Ximian Evolution 1.4.3.99 >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere: full-disclosure@lists.netsys.com

1. Systems affected: All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error in the channel code. OpenSSH 3.1 and later are not affected. 2. Impact: This bug can be exploited locally by an authenticated user logging into a vulnerable OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH client. 3. Solution: Upgrade to

1. Systems affected: All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error in the channel code. OpenSSH 3.1 and later are not affected. 2. Impact: This bug can be exploited locally by an authenticated user logging into a vulnerable OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH client. 3. Solution: Upgrade to

-----Original Message----- From: Ovanes Manucharyan Sent: Thursday, March 07, 2002 3:34 PM To: 'openssh at openssh.com' Subject: Unable to compile latest release on Linux Hello, I tried to compile the latest portable version (openssh-3.1p1) to no avail. I tried 2 different configuration combinations with the same problem. ./configure --with-pam --with-tcp-wrappers