Mailinglist Archive: opensuse (3653 mails)
| < Previous | Next > |
Re: [SLE] openssh update
- From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Jun 2002 17:26:29 +0200
- Message-id: <200206281726.29897.andjoh@xxxxxxxxxxxxxxxxxxxxx>
On Friday 28 June 2002 17.32, David Monk wrote:
> I just noticed the openssh update in YOU. I got it, had major troubles with
> it, then reverted to the originally installed openssh that came with 7.3.
> Deciding to give it another whirl to see if I could fix the failed password
> problem myself. Could be a typo somewhere in the pam config for sshd? I
> noticed the update is no longer available in YOU.
> Anyone have any idea when SuSE might release this? I have a few boxes that
> I need to be able to ssh into from the internet, and I hate having a
> vulnerable service exposed.
The version that was on 7.3 has a vulnerability. Don't run it on a box exposed
to the net. The version that was issued to fix that should be ok.
If I understand the discussion that's been going on lately, the latest
"vulnerability" is nothing to worry about if you're running the default
config. It relies on features that are turned off by default.
You should subscribe to suse-security if you want more info on this. Send a
mail to suse-security-subscribe@xxxxxxxx to do so
regards
Anders
--
`When I use a word,' Humpty Dumpty said in rather a scornful tone, `it means
just what I choose it to mean -- neither more nor less.'
> I just noticed the openssh update in YOU. I got it, had major troubles with
> it, then reverted to the originally installed openssh that came with 7.3.
> Deciding to give it another whirl to see if I could fix the failed password
> problem myself. Could be a typo somewhere in the pam config for sshd? I
> noticed the update is no longer available in YOU.
> Anyone have any idea when SuSE might release this? I have a few boxes that
> I need to be able to ssh into from the internet, and I hate having a
> vulnerable service exposed.
The version that was on 7.3 has a vulnerability. Don't run it on a box exposed
to the net. The version that was issued to fix that should be ok.
If I understand the discussion that's been going on lately, the latest
"vulnerability" is nothing to worry about if you're running the default
config. It relies on features that are turned off by default.
You should subscribe to suse-security if you want more info on this. Send a
mail to suse-security-subscribe@xxxxxxxx to do so
regards
Anders
--
`When I use a word,' Humpty Dumpty said in rather a scornful tone, `it means
just what I choose it to mean -- neither more nor less.'
| < Previous | Next > |