Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] SuSE Security Announcement: openssh (SuSE-SA:2003:038) 7.3??
  • From: Bill.Light@xxxxxx
  • Date: Wed, 17 Sep 2003 16:06:18 -0700
  • Message-id: <OFD0D3B642.6E8583D1-ON88256DA4.007E3A18@xxxxxx>
Sven - I ain't feeling so good.....Here's what I get :

# rpm -q openssh --changelog |less
* Mon Sep 24 2001 - cihlar@xxxxxxx

- fixed security problem with sftp & bypassing
keypair auth restrictions - patch based on CVS
- fixed status part of init script - it returned
running even if there were only sshd of connections
and no listening sshd [#11220]
- fixed stop part of init script - when there was no
/var/run/sshd.pid, all sshd were killed

* Thu Sep 06 2001 - nadvornik@xxxxxxx

- added patch for correct buffer flushing from CVS [bug #6450]

* Fri Jul 27 2001 - cihlar@xxxxxxx

- update x11-ssh-askpass to version 1.2.2

* Thu Jul 26 2001 - cihlar@xxxxxxx

- update to version 2.9p2
- removed obsolete "cookies" patch

* Mon Jun 11 2001 - cihlar@xxxxxxx

- fixed to compile with new xmkmf
#

So now I should go back and FORCE all these patches manually ??!! What
the heck has been downloading when I do get patches ?? Is Yast that
broken ?

=====================================================

> I have checked the "changelog" entry of openssh and it shows NO
patches.
> (The announcement shows for 7.3 still) As a matter of fact, the
> changelog entries only show changes in 2001, and I have seen (and
applied)
> openssh updates since then !?
>
> My 8.0 machine is also not reflecting a change.
>
> The two 8.2 boxes worked fine....Do I manually download the patches and
> apply ?
>
> I use Yast2 - abandon all hope ? Is there a problem with the 7.3 & 8.0

> ftp sites ? (I have tried suse.com, gwdg.de, and leo.org)
> Suggestions/Comments ?

Ive updated my 7.3 via. fou4s, result:

# rpm -q openssh --changelog
* Tue Sep 16 2003 - postadal@xxxxxxx

- fixed race condition in allocating memory [#31025] (CAN-2003-0693)

* Fri Oct 25 2002 - postadal@xxxxxxx

- fixed security problem: when password expired the forced password change
echoed the password on the screen [bug #20903].

* Fri Jun 28 2002 - okir@xxxxxxx

- fixed broken %patch statement; re-added channelbug diff

* Fri Jun 28 2002 - okir@xxxxxxx

- back down to 2.9.9, with patch

* Tue Jun 25 2002 - okir@xxxxxxx

- patch for privilege separation+PAM


as you can see, all's there...

HTH,
Sven
< Previous Next >
This Thread
  • No further messages