yes it did, it is a security fix for a serious bug in openssh which will be released sometime in the next week. the other main part of the fix is to ensure that the line UsePrivilegeSeparation yes exists in /etc/ssh/sshd_config Ewan On Wed, 2002-06-26 at 17:57, RR wrote:
did the new openshhs add an entry to /etc/passwd
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com
On Wed, Jun 26, 2002 at 06:32:30PM +0100, Ewan Leith wrote:
yes it did, it is a security fix for a serious bug in openssh which will be released sometime in the next week.
the other main part of the fix is to ensure that the line
UsePrivilegeSeparation yes
exists in /etc/ssh/sshd_config
I installed openssh 3.3 using YOU and it did not add this line to sshd_config. According to www.openssh.org, it's the default in v3.3. Is it correct? BTW, v3.4 is out and available on www.openssh.org I guess SuSE rpms will follow really soon. -Kastus
* Konstantin (Kastus) Shchuka (kastus@tsoft.com) [020626 10:45]:
I installed openssh 3.3 using YOU and it did not add this line to sshd_config. According to www.openssh.org, it's the default in v3.3. Is it correct?
This has been discussed on suse-security quite a bit and there's a new announcement regarding this today: http://lists.suse.com/archive/suse-security-announce/2002-Jun/0006.html UsePrivilegeSeparation wasn't enabled by default because it was judged to be too new and untested to be relied on as a workaround (and it can cause problems with pam, etc.). Olaf Kirch, who is handling this advisory, has posted the following about it: http://lists.suse.com/archive/suse-security/2002-Jun/0373.html http://lists.suse.com/archive/suse-security/2002-Jun/0394.html In short, it's still not clear what's really going on and, to be on the safe side, sshd should either be shutdown completely or have its access restricted with iptables/ipchains until it's all sorted out. -- -ckm
* Christopher Mahmood (ckm@suse.com) [020626 12:06]:
UsePrivilegeSeparation wasn't enabled by default because it was judged to be too new and untested to be relied on as a workaround (and it can cause problems with pam, etc.).
Sorry, this is completely wrong. UsePrivilegeSeparation *is* on by default. It defaults to on so there's no need to set it in sshd_config. -- -ckm
On Wed, Jun 26, 2002 at 06:32:30PM +0100, Ewan Leith wrote:
yes it did, it is a security fix for a serious bug in openssh which will be released sometime in the next week.
The more permanent fix was just announced along with the release of OpenSSH 3.4. http://www.openssh.org/ Best Regards, Keith -- LPIC-2, MCSE, N+ Right behind you, I see the millions Got spam? Get spastic http://spastic.sourceforge.net
participants (5)
-
Christopher Mahmood -
Ewan Leith -
Keith Winston -
Konstantin (Kastus) Shchuka -
RR