[olug] ssh vulnerability announced today.

Jeff Hinrichs jlh at cox.net
Tue Sep 16 19:42:30 UTC 2003


----- Original Message ----- 
From: "Daniel G. Linder" <dlinder at iprevolution.net>
To: "Omaha Linux User Group" <olug at olug.org>
Sent: Tuesday, September 16, 2003 2:12 PM
Subject: RE: [olug] ssh vulnerability announced today.


Brian Roberson [mailto:roberson at olug.org] wrote:
> http://www.openssh.org/
> http://www.openssh.com/txt/buffer.adv

You can download the latest version from the OpenSSH site:
http://www.openssh.com/portable.html.  In my case, the RH 9.0 RPMs are
available here.

Just updated a bunch of systems via RHN.  RH was slower than some
distributions but < 4 hours is still not too bad<g>. After 2 weeks of H311
updating winboxen, repeatedly, using shavlik and wus, this was a breeze.
Updating Linux boxen is a much simpler process and my butt only leaves the
chair to get a fresh DP<g>.

<rant>As a side note while we're yakking about security, do you know what
gives me indigestion...? When your accounting software, Great Plains, can be
used to root'ya.  Did you know that any accounting software that uses VBA
has a critical vulnerability? If you are running GP, Solomon or Dynamics
you'd better get patching. So did Word/Excel/PowerPoint et al.  What a
freaking nightmare.  And the patches for Office required that you have the
original CDs.  So you had to put your butt at every desk to patch them
(unless you have a network install).  And the honking thing is that we are
never really out of date; I keep us patched monthly or we do a sweep when a
critical is announced.

There was even an M$ rep at the last security lunch giving a presentation and
apologies for having to deal with Blaster, and then they didn't even get the
patch right and we got another critical for the same thing last Wed, the day
before 9/11.  Even the VP of the company is starting to take real notice of
the amount of time we are devoting to just the patching element of our
security responsibilities.</rant>...redness in face starts to decrease and
temples begin to relax.....

-Jeff

