Re: OSVDB 72183
On Tue, 2013-04-09 at 13:05 -0500, Karl Schmidt wrote:
> I'm getting flagged for http://osvdb.org/72183 On Debian Stable - can't find where this has been
> addressed?
"Flagged" by what? Following the links from that URL leads to
http://www.openssh.com/txt/portable-keysign-rand-helper.adv , which
quite clearly says:
2. Affected configurations
Portable OpenSSH prior to version 5.8p2 only on platforms
that are configured to use ssh-rand-helper for entropy
collection.
[...]
Platforms that support /dev/random or otherwise
configure OpenSSL with a random number provider are not
vulnerable.
In particular, *BSD, OS X, Cygwin and Linux are not
affected.
Regards,
Adam
Reply to: