nate wrote:
i sent a message to bugtraq a couple minutes ago asking the
people on the list if any other versions were tested. hoping
that it gets approved, usually takes a few hours or a day to
make it through.
but the way I read the advisory debian potato's SSH should
not be vulnerable to this bug. which would be great news to
me. the advisory only mentions openssh 3.0 and up being
possibly affected. no mention of any other versions being
vulnerable or not vulnerable, and no mention of any other versions
that were tested.
so i'm keepin my hopes up and my firewalls tight in the meantime !
No, potato's ssh packages are vulnerable and updates have been made
available; DSA-134 contains all the necessary information:
http://www.debian.org/security/2002/dsa-134.
Note that the upgraded openssh packages require updated openssl packages; it
looks like the new openssl packages will co-exist with the older version
that shipped with potato, but I no longer have any potato systems so YMMV.
Phil
ps: it's great to be back on debian-user once again!