On Friday 28 June 2002 17.32, David Monk wrote:
I just noticed the openssh update in YOU. I got it, had major troubles with it, then reverted to the originally installed openssh that came with 7.3. Deciding to give it another whirl to see if I could fix the failed
problem myself. Could be a typo somewhere in the pam config for sshd? I noticed the update is no longer available in YOU. Anyone have any idea when SuSE might release this? I have a few boxes
----- Original Message ----- From: "Anders Johansson" <andjoh@cicada.linux-site.net> To: <suse-linux-e@suse.com> Sent: Friday, June 28, 2002 10:26 AM Subject: Re: [SLE] openssh update password that
I need to be able to ssh into from the internet, and I hate having a vulnerable service exposed.
The version that was on 7.3 has a vulnerability. Don't run it on a box exposed to the net. The version that was issued to fix that should be ok.
If I understand the discussion that's been going on lately, the latest "vulnerability" is nothing to worry about if you're running the default config. It relies on features that are turned off by default.
You should subscribe to suse-security if you want more info on this. Send a mail to suse-security-subscribe@suse.com to do so
Having a known vulnerability is the reason I want to get openssh updated. SuSE did supply an update earlier today, but it is no longer available. I am running a fairly stock config but with a couple additional items turned off. I will check out the security list archive. Thanks. David