[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh vulernability

On Fri, Oct 19, 2001 at 03:26:18PM -0800, Ethan Benson wrote:
> On Fri, Oct 19, 2001 at 06:06:34PM -0400, ahall@secureworks.net wrote:
> > Has debian released a new ssh dpkg yet?
> no

If this is about the buffer overflow exploit that's supposed to be
going around now, wasn't this fixed in the following:

openssh (1:1.2.3-9.2) stable; urgency=high

  * Non-maintainer upload by Security Team
  * Added backported fix for a buffer overflow (thanks to Piotr
  * Added modified build dependencies from unstable for convenience
  * Added patch that fixes an rsa key exchange problem made public by CORE

 -- Martin Schulze <joey@debian.org>  Thu,  8 Feb 2001 22:15:04 +0100

If it's a different exploit entirely, please ignore.

Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu

Reply to: