On Friday 28 June 2002 17.32, David Monk wrote:
> I just noticed the openssh update in YOU. I got it, had major troubles with it, then reverted to the originally installed openssh that came with 7.3. Deciding to give it another whirl to see if I could fix the failed password problem myself. Could be a typo somewhere in the pam config for sshd? I noticed the update is no longer available in YOU. Anyone have any idea when SuSE might release this? I have a few boxes that I need to be able to ssh into from the internet, and I hate having a vulnerable service exposed.

The version that was on 7.3 has a vulnerability. Don't run it on a box exposed to the net. The version that was issued to fix that should be ok.

If I understand the discussion that's been going on lately, the latest "vulnerability" is nothing to worry about if you're running the default config. It relies on features that are turned off by default.

You should subscribe to suse-security if you want more info on this. Send a mail to suse-security-subscribe@suse.com to do so.

regards
Anders

--
`When I use a word,' Humpty Dumpty said in rather a scornful tone, `it means just what I choose it to mean -- neither more nor less.'