Re: security report

2001-07-11 Thread will trillich
On Mon, Jul 02, 2001 at 12:01:05PM -0400, Thomas J. Hamman wrote: > On Mon, Jul 02, 2001 at 11:41:30AM -0400, Faheem Mitha wrote: > > I got the following security audit of a machine I recently installed > > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > > most serious p

Re: security report

2001-07-02 Thread Faheem Mitha
Dear People, Thanks for the responses to my somewhat clueless (in retrospect) post. I suppose I should have realised that the fixes were being applied to the stable version. I didn't realise Debian took things so seriously, though. (I don't think anyone else goes to so much trouble.) But I'm lear

Re: security report

2001-07-02 Thread John Hasler
Faheem Mitha writes: > I thought security vulnerabilities were supposed to be fixed in stable. They are. In most cases it is done by backporting the fix to the version already in stable. This was done to ssh some time ago. > And does anyone have thoughts about the other warnings reported? Alwa

Re: security report

2001-07-02 Thread Phil Brutsche
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > Dear Debian People, > > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. This looks like output from nessus. Take everything it reports with a grai

Re: security report

2001-07-02 Thread Leonard Stiles
Faheem Mitha <[EMAIL PROTECTED]> writes: > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > most serious problem appears to be with ssh. What should I do about this, > if anything? > > Should I upgr

Re: security report

2001-07-02 Thread Thomas J. Hamman
On Mon, Jul 02, 2001 at 11:41:30AM -0400, Faheem Mitha wrote: > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > most serious problem appears to be with ssh. What should I do about this, > if anything?

Re: security report

2001-07-02 Thread Derek MacLucas
On Mon, Jul 02, 2001 at 11:41:30AM -0400, Faheem Mitha wrote: > > Dear Debian People, > > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > most serious problem appears to be with ssh. What should I d

security report

2001-07-02 Thread Faheem Mitha
Dear Debian People, I got the following security audit of a machine I recently installed Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The most serious problem appears to be with ssh. What should I do about this, if anything? Should I upgrade to a more recent version of