Re: Which ssh should I have?
Quoting Ted Cabeen (ted@impulse.net):
> >Hm, why should I do that? Is my admin right when he thinks that my
> >current sshd is vulnerable? I have the latest stable precompiled
> >package, i.e. the default ssh installed.
>
> Make sure that you have the security site in your /etc/apt/sources.list file.
> If you do, and apt-get update; apt-get upgrade says you're up to date, then
> you're fine. In general, the security team patches the current version to
> fix security bugs in stable rather than upgrade to a newer version. That
> could be confusing your sysadmin. The CRC bug was patched in debian as of
> ssh version 1.2.3-9.2. You can look at the changelog in
> /usr/share/doc/ssh/changelog.Debian.gz for specific information.
The original posting was "... (I'm running woody on a laptop PC). I
should have all the security fixes installed on my system (there is
this security.debian.org line on my sources.list file). "
One has to be a little more careful than that if one is running woody
(i.e. not stable) because security-patched versions for potato may be
seen as downgrades by one's system, and apt-get may ignore them.
Cheers,
--
Email: d.wright@open.ac.uk Tel: +44 1908 653 739 Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
Reply to: