[olug] Another (!!) OpenSSH update...
Daniel G. Linder
dlinder at iprevolution.net
Thu Sep 18 17:52:59 UTC 2003
I wrote:
> Just read this on Slashdot... The first OpenSSH patch that
> we all heard about yesterday (openssh-3.7p1) didn't fix all
> the buffer overflow problems, so they issued a 3.7.1 version.
> "Brian Roberson" <roberson at olug.org> wrote:
> > More detail and a link specific to what you are talking
> > about would be nice;
> > is this only redhat? all openssh installs? what? ......
> > security minded
> > posts are not a thing to cry wolf over - BE DETAILED, give
> > resources, or don't post.
Sorry, I thought all that information would be fresh in most everyone's
minds so I didn't re-hash the www.openssh.org site and/or track down the
exact CERT numbers again.
To which Jeff Hinrichs [mailto:jlh at cox.net] replied:
> SSH security glitch exposes networks, 9/17/03 5amPT
> http://zdnet.com.com/2100-1105_2-5077796.html?tag=zdnnfd.main
>
> Subject: OpenSSH Security Advisory: buffer.adv
> This is the 2nd revision of the Advisory.
> http://www.openssh.com/txt/buffer.adv
>
> CERT Advisory CA-2003-24 Buffer Management Vulnerability in OpenSSH
> http://www.cert.org/advisories/CA-2003-24.html
>
> patch early, patch often
> -Jeff
Thanks for the update, Jeff. I hope the rumors of a third patch set
going out are just that (unless, of course, they are required).
Dan