Re: OpenSSH hack (linux is vulnerable?)

To: debian-laptop@lists.debian.org
Subject: Re: OpenSSH hack (linux is vulnerable?)
From: Anders Ellenshøj Andersen <andersa@fys.ku.dk>
Date: Wed, 17 Sep 2003 11:41:45 +0200
Message-id: <[🔎] 200309171141.45483.andersa@fys.ku.dk>
In-reply-to: <[🔎] Pine.LNX.4.33.0309171353340.10910-100000@tellurium.ssi.swin.edu.au>
References: <[🔎] Pine.LNX.4.33.0309171353340.10910-100000@tellurium.ssi.swin.edu.au>

On Wednesday 17 September 2003 05:57, Tim Connors wrote:

> > exploit of OpenSSH. Linux is vulnerable. The remedy is to upgrade to
> > OpenSSH 3.7p1
>
> Don't do that. Update to your distributions latest update - as long as it
> has the fix applied.
>
> Debian unstable has a backport to 1:3.6.1p2-6, because 3.7p1 is not ready
> for debian yet, given that it has major PAM updates.
>
> Debian stable is a different version again, and can be got from:
> deb http://security.debian.org/debian-security stable/updates main contrib
> non-free or the like.

Yes but apparently this only fixes part of the problem:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211205

has not been fixed yet in any debian packages.

Anders

-- 
This email was generated using KMail from KDE 3.1.3 on Debian GNU/Linux

Reply to:

References:
- Re: OpenSSH hack (linux is vulnerable?)
  - From: Tim Connors <tconnors@astro.swin.edu.au>

Prev by Date: Re: can't find driver for sound and net work adaptor
Next by Date: apt-get dist-upgrade errors
Previous by thread: Re: OpenSSH hack (linux is vulnerable?)
Next by thread: Re: Nokia D211
Index(es):
- Date
- Thread