Re: [suse-security] SuSE is not vulnerable to the SSH overflow
SuSE is *not* vulnerable to the recently found SSH overflow which can result in a root compromise. We don't use the RSA library which has got the bug.
Good to know of course, but it would be better to announce this on the suse-security-announce list. That's what it's there for, or? It would be much better if the security-announce list was working like the redhat-watch-list. It tells me what I need to know when I don't have time to follow endless discussions.

SuSE's announcement policy was discussed here within the last few days. As an example, I received a CERT advisory re BIND problems at 2:30 this morning. At 9:43, I received a Red Hat security advisory saying "problem, fix" and listing the URL of the rpms to download for update. When will there be something similar from the SuSE announce list? Or is SuSE Linux never vulnerable to these things? Hm, one would have to be somewhat naive to think that.

It would be good if SuSE changed their policy accordingly - important things to security-announce. The security list should be expendable.

Volker
participants (1)
- Volker Kuhlmann