patch your systems - new openssh exploit out

[jullrich at euclidian.com (Johannes Ullrich)]

To make things more interesting, there have been two OpenSSH updates
today. The first one, released early morning as 3.7p1 fixed buffer.c.
Later (couple hours ago), 3.7.1 was released. According to the notes, it
fixes additional issues.


I am not sure which version made it into the updates
various distros released.


On Tue, 2003-09-16 at 22:05, Jerry Feldman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, 16 Sep 2003 18:37:52 -0400
> "Clint M. Sand" <clint at neotrance.dyndns.org> wrote:
> 
> > 
> > There's a new openssh exploit out. A patch is released for openbsd.
> > and OpenSSH 3.7 is now out to address the problem on other platforms
> > (linux)
> > 
> > Just in case its not obvious, this has huge implications. Upgrade
> > asap.
> I noticed that my SuSE Update Checker was red, indicating there was a
> security patch available. One of the patches was the OpenSSH patch. 
> 
> 
> - -- 
> Jerry Feldman <gaf at blu.org>
> Boston Linux and Unix user group
> http://www.blu.org PGP key id:C5061EA9
> PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
> 
> iD8DBQE/Z8FP+wA+1cUGHqkRAjuxAJwO4V5t3nS4QT9iVYs26EqG6SE76gCffRJT
> Re1P3TzxwHV5c6vx1GzfAz4=
> =cQki
> -----END PGP SIGNATURE-----
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss
-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------