* Roman Drahtmueller wrote on Tue, Nov 27, 2001 at 10:22 +0100:
Make sure to use the newest openssh (Version 3.xxx), there are xploits around for the elder ones.
Really??? For which vulnerability, for which versions, which implementations?
Please be careful with such statements.
The statement is clearly wrong as you made it.
According to the SuSE website, openssh needs a security upgrade to 2.9.9p2 but only to avoid a source-IP based authentification problem in protocol 2 (by this, it looks not extremly serious). This package is available for 7.1 and newer. I assume older versions should use the 7.1 packages? For SSH, there is a CRC32 update with 1.2.27-239 which is serious. This package is avialable to 7.1 and newer. I assume older versions should use this. Is that correct so? Otherwise please correct it to clarify that SSH myst now :) oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.