Mailinglist Archive: opensuse-security (9 mails)

[opensuse-security] openSSH, 11.3 and CVE-2011-0539

We failed a PCI-DSS compliance test because the version of OpenSSH for 11.3
doesn't have the fix for CVE-2011-0539. In fact, there hasn't been any update
to OpenSSH for 11.3 since Jun 2010.

I can see that the fix is in the version in factory. The change log has:

- Update to 5.8p1
  * Fix vulnerability in legacy certificate signing introduced in
    OpenSSH-5.6 and found by Mateusz Kocielski.

which looks like the fix for CVE-2011-0539.

Two questions:

1/ Is there any reason why this fix hasn't been ported to 11.3?

2/ Any reason why I might have problems taking the factory source and building
it for myself?

Paul Reeves