Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] ssh in SuSE 7.2
  • From: Sebastian Krahmer <krahmer@xxxxxxx>
  • Date: Thu, 20 Dec 2001 14:03:11 +0100 (CET)
  • Message-id: <Pine.LNX.4.33.0112201355280.28896-100000@xxxxxxxxxxxxxxx>
On Thu, 20 Dec 2001, Jörg Marten wrote:

Hi,

>
> Hello,
>
> I am using SuSE 7.2 and the ssh-version "ssh-1.2.27-280"
> that comes along with it. As far as I know, there was no
> update up to now for it (in SuSE 7.2).
>
> My problem/question is, that i have been told, that all
> versions of ssh lower than 1.2.32 are insecure due to a bug
Thats wrong. Patched ssh 1.2.27 as used in our updated packages are not
vulnerable. Since 7.2 the src rpm contains a "deattac.patch"
file which is applied in the built packages since 7.2.
All ssh's since and including 7.2 are safe against crc32.
If you use older distributions you should have read our
advisories which tell you which updated packages to use for these
distros. The announcement-id was SuSE-SA:2001:04 and
the advisory may be found at http://www.suse.de/security.

As a general rule, if you are not sure about the versions, always
use the newest packages from our ftp server, and you are
on the safe side. :-)

regards,
Sebastian

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team
~



< Previous Next >
References