Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] Did SuSE hack ls or which?
- From: Roman Drahtmueller <draht@xxxxxxx>
- Date: Wed, 28 Nov 2001 12:31:31 +0100 (MET)
- Message-id: <Pine.LNX.4.33.0111281226410.21462-100000@xxxxxxxxxxxx>
>
> I was wrong regarding the OpenSSH known vulneribilties and xploits.
> I mistook version 2.3.0 and 3.0.x. My apologies to the list and SuSE.
>
> Steffen Dettmer wrote:
>
> >[...]
> >
> >For SSH, there is a CRC32 update with 1.2.27-239 which is
> >serious. This package is avialable to 7.1 and newer. I assume
> >older versions should use this.
The update packages are available for 6.0 on.
This is becoming a boomerang, and I start losing patience over it.
:-)
Read from my lips: The crypto packages for 7.1 and up are to be found on
ftp.suse.com, for 7.0 and down they are on ftp.suse.de, for legal reasons.
This is also mentioned in the security announcement from February 16th, to
be found at http://www.suse.de/de/support/security/adv004_ssh.txt .
> >Is that correct so? Otherwise please correct it to clarify that
> >SSH myst now :)
> >
> Yes that's correct, sorry again for spreading this myst.
>
>
> Greetings Michael
>
>
>
Thanks,
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE GmbH - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
> I was wrong regarding the OpenSSH known vulneribilties and xploits.
> I mistook version 2.3.0 and 3.0.x. My apologies to the list and SuSE.
>
> Steffen Dettmer wrote:
>
> >[...]
> >
> >For SSH, there is a CRC32 update with 1.2.27-239 which is
> >serious. This package is avialable to 7.1 and newer. I assume
> >older versions should use this.
The update packages are available for 6.0 on.
This is becoming a boomerang, and I start losing patience over it.
:-)
Read from my lips: The crypto packages for 7.1 and up are to be found on
ftp.suse.com, for 7.0 and down they are on ftp.suse.de, for legal reasons.
This is also mentioned in the security announcement from February 16th, to
be found at http://www.suse.de/de/support/security/adv004_ssh.txt .
> >Is that correct so? Otherwise please correct it to clarify that
> >SSH myst now :)
> >
> Yes that's correct, sorry again for spreading this myst.
>
>
> Greetings Michael
>
>
>
Thanks,
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE GmbH - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
| < Previous | Next > |