I was wrong regarding the OpenSSH known vulneribilties and xploits. I mistook version 2.3.0 and 3.0.x. My apologies to the list and SuSE.
Steffen Dettmer wrote:
[...]
For SSH, there is a CRC32 update with 1.2.27-239 which is serious. This package is avialable to 7.1 and newer. I assume older versions should use this.
The update packages are available for 6.0 on. This is becoming a boomerang, and I start losing patience over it. :-) Read from my lips: The crypto packages for 7.1 and up are to be found on ftp.suse.com, for 7.0 and down they are on ftp.suse.de, for legal reasons. This is also mentioned in the security announcement from February 16th, to be found at http://www.suse.de/de/support/security/adv004_ssh.txt .
Is that correct so? Otherwise please correct it to clarify that SSH myst now :)
Yes that's correct, sorry again for spreading this myst.
Greetings Michael
Thanks,
Roman.
--
- -
| Roman Drahtmüller