-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2003-31
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 アナウンス日 : 2003/05/13
 最終更新日   : 2003/05/21

 パッケージ名 : openssh

 タイトル : ユーザ名の漏洩

 概要 : openssh は、ユーザが存在しない場合、エラーメッセージを即時に返してしまいます。
      そのため、タイミング攻撃を受けて、存在するユーザ名を推測される可能性があります。

 影響 : 遠隔地の第三者に、存在するユーザ名が漏洩する可能性があります。

 影響製品 :

    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 対策方法 : 下記パッケージにアップデートを行って下さい。
          アップデートはturbopkgコマンドを使用して行ってください。


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 d8db86b93b1bb1f0eff54176b9f78652

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       183709 2001ba97dc2ff9028902c81f82cebac8
   openssh-askpass-3.6.1p1-11.i586.rpm
        32792 55bf100facd53053406a7808ed45b12c
   openssh-askpass-gnome-3.6.1p1-11.i586.rpm
        14040 402993f41c642e81ab5c5a0d037bf898
   openssh-clients-3.6.1p1-11.i586.rpm
       210302 789a9c06751a1b17fda842d63548ae48
   openssh-server-3.6.1p1-11.i586.rpm
       223222 e341abf8669ef0dbd7c300f07168b61b

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 bdb287c39fa4dc3d4ebbbbf586a8c03c

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       183694 ebe978597f902dd9589ea82eb5456080
   openssh-askpass-3.6.1p1-11.i586.rpm
        32766 46e5347dfd4a989edecaacfd8d2117a4
   openssh-clients-3.6.1p1-11.i586.rpm
       210410 6b0594339f576716120226a3657625b7
   openssh-server-3.6.1p1-11.i586.rpm
       223250 0d0c7c71b0834f0c12e36744fd79ea53

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 de79063eb5518cabc0e3501c35d695e4

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       180107 9b2d11131337a4fbaacb07c59d461e9a
   openssh-askpass-3.6.1p1-11.i586.rpm
        32309 4f22d99e58b60cb33443ea0c3679b9b9
   openssh-clients-3.6.1p1-11.i586.rpm
       204421 652fde9c029d066773b8a079fd31f33a
   openssh-server-3.6.1p1-11.i586.rpm
       216270 0feba4ba855868d7fd8cb8490731e9f8

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 4ec0ede4a7746fac1ed0ff08eba0e315

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       180147 ae5d67fe212555b95a9488afed90c69b
   openssh-askpass-3.6.1p1-11.i586.rpm
        32289 240836a3156aa0d9115bafb49e6d8059
   openssh-clients-3.6.1p1-11.i586.rpm
       204467 068bbbf513c3ae976338db26569c54b4
   openssh-server-3.6.1p1-11.i586.rpm
       216284 0ed9fa045b509c4c566d35fe9fc54651

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 bd9af261c15d8cf112b6e5e72df725d7

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       202996 edb771c092c4bdf83d74d84be90c6bcb
   openssh-askpass-3.6.1p1-11.i386.rpm
        31989 c27a6b89b64e9992d1555d920eb0375e
   openssh-clients-3.6.1p1-11.i386.rpm
       236782 ef74923445200c82671104bbe50371ef
   openssh-server-3.6.1p1-11.i386.rpm
       247422 079405eb11a76806df51ca65d47a2d56

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 229f036969f74313ba0317eafc322fcc

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       202990 dd437be00ce09a0077a9bed9cd9ee5d6
   openssh-askpass-3.6.1p1-11.i386.rpm
        31992 ec0a88706a06f1b4b9823b212fd9d56a
   openssh-askpass-gnome-3.6.1p1-11.i386.rpm
        13697 966ff854db07c67bdfcdbdcc853d4f95
   openssh-clients-3.6.1p1-11.i386.rpm
       236774 a403fe08b7b483ee3369135d5bd6eb79
   openssh-server-3.6.1p1-11.i386.rpm
       247423 839397e1d98b17ad4950bd604992470b

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 a0b81fcdf3266e09cd21444adc68ed17

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       202991 70536840d83fe4ba60fa27261f03a373
   openssh-askpass-gnome-3.6.1p1-11.i386.rpm
        13695 c34c1a778d28f178354fd1b8008bfb1c
   openssh-clients-3.6.1p1-11.i386.rpm
       236787 2c73357f8d920fcdf85333fb2d0cee35
   openssh-server-3.6.1p1-11.i386.rpm
       247367 aed8bdc4512ebd5f7d26bff989fcb0a6

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 31c758f705628805564485675771b9b6

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       203003 105243bdbcfc6de251b09b3bda729224
   openssh-askpass-3.6.1p1-11.i386.rpm
        31992 5f0babf4d89e88c1dade240186c8de56
   openssh-askpass-gnome-3.6.1p1-11.i386.rpm
        13699 31b75a8f94ca86f687f68333e8ba0567
   openssh-clients-3.6.1p1-11.i386.rpm
       236784 59a89502f691fc99ee0dc0965547ecff
   openssh-server-3.6.1p1-11.i386.rpm
       247385 fd477b6a5a5af8ae9454eefc0d7f32ae


 関連文章 :

 CVE
   [CAN-2003-0190]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190

 --------------------------------------------------------------------------
 更新履歴
   初版   2003/05/13
   第２版 2003/05/21 MD5 の修正
 --------------------------------------------------------------------------

 Copyright(C) 2003 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+y48NK0LzjOqIJMwRAv1hAKC90XC5sPpv0SnbRwnxTQvyoHXXHwCdExkK
mAZKOLnwuAew7/GPIRhRq7c=
=co/5
-----END PGP SIGNATURE-----