I installed the 3.3p1 patch on several Suse 7.1 boxes, 7 in the UK that I can reach locally yesterday and they all seem fine and 5 more in another country that I can't get to without a plane ticket :-( Sequence of installation was to use YOU to apply the patch while logged on via SSH on all machines then to shutdown -r now them, wait a bit then log back on. So far so good on all boxes. However, within 30 minutes of the reboot on the 5 machines that I cannot reach locally, 2 of them have become inaccessible. They don't ping and nmap with the -P0 option doesn't get any response from them. That looks pretty dead to me.
Neither of these two machines has done this before and up until now, they've been up and running for 113 days without any issue.
Never update packages and then reboot, if it's not needed. Normally rcsshd restart would have been enough (no kernel patch was made). Sure, YOU did only update ssh-package - there were apache-updates as well! Next time first have a look at what has been updated (YOU shows it after downloading and setup). Then restart services by hand and only reboot if the kernel is patched. I handle things with caution, since I had several bad experiences.
I can't categorically state that it is the Openssh patch that's done this since I can't find anyone around to go and look at them to find out if they're sitting with an Ooops message or what's wrong with them. But it's suspicious enough that I've backed out 3.3p1 on the machines I can still get to and gone back to 2.9.9p2-98 for now.
Openssh.org did send the really useful announcement too late. This says that the old ssh shipped with suse is not vulnerable in the default config. Another thing is that the 3.3 is too buggy (no compression, pam not 100% supported).
Philippe