Re: OpenSSH hack (linux is vulnerable?)
On Wednesday 17 September 2003 05:57, Tim Connors wrote:
> > exploit of OpenSSH. Linux is vulnerable. The remedy is to upgrade to
> > OpenSSH 3.7p1
>
> Don't do that. Update to your distributions latest update - as long as it
> has the fix applied.
>
> Debian unstable has a backport to 1:3.6.1p2-6, because 3.7p1 is not ready
> for debian yet, given that it has major PAM updates.
>
> Debian stable is a different version again, and can be got from:
> deb http://security.debian.org/debian-security stable/updates main contrib
> non-free or the like.
Yes but apparently this only fixes part of the problem:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211205
has not been fixed yet in any debian packages.
Anders
--
This email was generated using KMail from KDE 3.1.3 on Debian GNU/Linux
Reply to: