Hi Norbert, On Monday 26 March 2001 12:49, Norbert Preining wrote:
Hi there!
Is there already an update for the new openssh (2.5.2p2) version which includes various security fixes?
I think in the discussion a few weeks ago it turned out that SuSE's default policy is to only offer patched versions of packages they ship with their CD's, i.e. if there is no security hole there probably won't be a feature upgrade. But I'm just in the course of building rpms for SuSE 7.0 (maybe SuSE 7.1) and I will offer the rpms, the spec file as well as a short instruction on building openssh for SuSE from source rpm (which you can download from www.openssh.org) on our web site, so stay tuned. With an appropriate spec file, it's a one-liner. By the way, I was surprised at how many people actually downloaded the binary rpm for openssh-2.5.1p1 from our web site Though I don't have any bad intentions at all, you should have no reason to trust me, and _never_ download security sensitive packages from untrusted sources. Anyway, it was a nice field test on how far you _could_ probably get with "social engineering" in security mailing lists. Maybe Kurt wants to write an article on that subject ...? ;-)
Best wishes
Norbert
Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany Tel.: +49-251-83-33557 Fax: +49-251-83-39083 E-Mail (work): lewelin@uni-muenster.de