Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] Did SuSE hack ls or which?
- From: Steffen Dettmer <steffen@xxxxxxx>
- Date: Tue, 27 Nov 2001 13:48:07 +0100
- Message-id: <20011127134807.F2231@xxxxxxxxx>
* Roman Drahtmueller wrote on Tue, Nov 27, 2001 at 10:22 +0100:
> > Make sure to use the newest openssh (Version 3.xxx), there are xploits
> > around for the elder ones.
>
> Really??? For which vulnerability, for which versions, which
> implementations?
>
> Please be careful with such statements.
>
> The statement is clearly wrong as you made it.
According to the SuSE website, openssh needs a security upgrade
to 2.9.9p2 but only to avoid a source-IP based authentification
problem in protocol 2 (by this, it looks not extremly serious).
This package is available for 7.1 and newer. I assume older
versions should use the 7.1 packages?
For SSH, there is a CRC32 update with 1.2.27-239 which is
serious. This package is avialable to 7.1 and newer. I assume
older versions should use this.
Is that correct so? Otherwise please correct it to clarify that
SSH myst now :)
oki,
Steffen
--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
> > Make sure to use the newest openssh (Version 3.xxx), there are xploits
> > around for the elder ones.
>
> Really??? For which vulnerability, for which versions, which
> implementations?
>
> Please be careful with such statements.
>
> The statement is clearly wrong as you made it.
According to the SuSE website, openssh needs a security upgrade
to 2.9.9p2 but only to avoid a source-IP based authentification
problem in protocol 2 (by this, it looks not extremly serious).
This package is available for 7.1 and newer. I assume older
versions should use the 7.1 packages?
For SSH, there is a CRC32 update with 1.2.27-239 which is
serious. This package is avialable to 7.1 and newer. I assume
older versions should use this.
Is that correct so? Otherwise please correct it to clarify that
SSH myst now :)
oki,
Steffen
--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
| < Previous | Next > |