16 Sep
2003
16 Sep
'03
13:24
Hi,
is there already a statement if the SuSE openssh versions are vulnerable? http://lists.netsys.com/pipermail/full-disclosure/2003-September/010103.html
I looked in the patched version for SuSE 7.3 and if I understand the fix at http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7 then the 7.3 version seems to be vulnerable, too.
It is unclear if the found bug is exploitable, as of now. However, we don't guess. Updates are in progress, and expected for later today, including announcement. Roman.