RE: [suse-security] OpenSSH Update [Redhat too]
Hello, Not to sound biased; we have plenty of SuSE and Redhat. Is Redhat also affected by this or is there any other documentation to account for this SSH issue other than the account from SuSE; in particuliar any advisories? Redhat SA told me they use the Redhat OpenSSH 3.1 patched version which is not vulnerable to this and does not have priv seperation or chroot support. Ryan S. -
* Ryan Swenson (Ryan.Swenson@togethersoft.com) [020625 12:16]: :: ::Redhat SA told me they use the Redhat OpenSSH 3.1 patched version which is not vulnerable to this and does not have priv seperation or chroot support. He's wrong. The vunerablity hasn't been announced yet so he wouldn't know if it was or not. The reason for using 3.3p1 w/ privsep is because it makes it harder to exploit this bug. I would do as the OpenBSD/OpenSSH team recommends just because it's their sandbox and they know it best. But this is just my opinion. -=Ben --=====-----=====-- mailto:ben@whack.org --=====-- Tell me what you believe..I tell you what you should see. -DP --=====-----=====--
Amigos: ¿Hasta cuantas placas de red puede 'soportar' Linux? ¿Debo pensar que tantas como soporte mi hardware? Gracias Ernesto
Please, go to suse-linux-s@suse.com for spanish assitence but! Puedes levantar n placas virtuales, en teoria, son infinitas, la pregunta es: que tanto arriegas una tarjeta de red? es una balanza, saludos On Tue, 2002-06-25 at 14:43, Grupo Dignitas wrote:
Amigos: ¿Hasta cuantas placas de red puede 'soportar' Linux? ¿Debo pensar que tantas como soporte mi hardware?
Gracias
Ernesto
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--
-----------
Heinz Holtschmit
khh@wdev.org
heinz@openbsd.org.mx
1024D/EF44D02C 2002-04-04 Heinz Holtschmit
On Tue, 2002-06-25 at 15:14, Ryan Swenson wrote:
Hello,
Not to sound biased; we have plenty of SuSE and Redhat. Is Redhat also affected by this or is there any other documentation to account for this SSH issue other than the account from SuSE; in particuliar any advisories?
Here is a link to the original email by Theo de Raadt to bugtraq: http://lwn.net/Articles/3322/
SA told me they use the Redhat OpenSSH 3.1 patched version which is not vulnerable to this and does not have priv seperation or chroot support.
Don't know about Redhat, but since the details have not been released by the Openssh team, I am unsure how they can claim that. Charles -- Avoid the Gates of Hell. Use Linux (Unknown source)
participants (5)
-
Ben Rosenberg -
Charles Philip Chan -
Grupo Dignitas -
Karl-Heinz Holtschmit -
Ryan Swenson