Now here is the kicker: http://www.openpkg.org/security/OpenPKG-SA-2003.040-openssh.html
If you read through it, they mention this: "The discovery of additional similar errors by Solar Designer show that version 3.7.1 is affected, too. Those errors may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be cleared and corrupting the heap on fatal cleanups." So, look like a long week of patches. :-( --Keith On Wed, 17 Sep 2003, MKlinke wrote: Date: Wed, 17 Sep 2003 11:01:23 -0500 From: MKlinke <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: upgraded ssh from 3.1 to 3.7.1 - now getting connection refused On Wednesday 17 September 2003 10:38, [EMAIL PROTECTED] wrote: > Thanks, > > But the one that I was referring to, what the openssh that was > released this morrning, > http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September >/000064.html > > Wed Sep 17 01:13:10 EST 2003 > > This new version came out after they released a patch. It may not be > as critical as the previous bug fix, but still needs to be installed. > > The one that was released yesterday was openssh-3.7p1.tar.gz, the one > released this morrning was openssh-3.7.1p1.tar.gz. > > Just waiting on an rpm to patch more servers. > > Thanks, > > --Keith Ah, thanks for the link, I hadn't caught up on my Bugtraq reading this morning. I guess we can expect a new Red Hat release soon .... Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
