OpenSSH security fix

Linode Staff

RedHat, Gentoo, and Debian (at least) contain a security vulnerability in OpenSSH which will allow someone to remotely execute code as root.

Red Hat's Errata Page:

To upgrade, run the following commands (for Debian and RedHat)

apt-get update

apt-get install openssh

Please make sure your SSH daemons are either patched or upgraded.



3 Replies

There are too many connected users, please try later.

Has anyone ever used lsh? I'd really like to quit running openssh as these types of problems seem to be pretty common. I wish Dan Bernstein would write a ssh server :lol:


Depending on when you followed Chris' instructions regarding yesterday's vulnerability, you may need to upgrade SSH again:

> - –----------------------------------------------------------------------

Debian Security Advisory DSA-382-2 Wichert Akkerman

September 17, 2003

Package : ssh

Vulnerability : buffer handling

Problem type : possible remote

Debian-specific: no

CVS references : CAN-2003-0693 CAN-2003-0695

This advisory is an addition to the earlier DSA-382-1 advisory: two more

buffer handling problems have been found in addition to the one

described in DSA-382-1. It is not known if these bugs are exploitable,

but as a precaution an upgrade is advised.

For the Debian stable distribution these bugs have been fixed in version

1:3.4p1-1.woody.2 .

Please note that if a machine is setup to install packages from

proposed-updates it will not automatically install this update.

Sure enough, the Red Hat repository contains a newer version than the one from yesterday afternoon.

apt-get update

apt-get install openssh

Also note that I haven't updated the distros to contain these (and potentially other) security fixes. First thing out the door you should do with any new install is make sure it is up to date. (apt-get update; apt-get upgrade)



Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct