Re: ssh vulernability
On Fri, Oct 19, 2001 at 03:26:18PM -0800, Ethan Benson wrote:
> On Fri, Oct 19, 2001 at 06:06:34PM -0400, ahall@secureworks.net wrote:
> > Has debian released a new ssh dpkg yet?
>
> no
If this is about the buffer overflow exploit that's supposed to be
going around now, wasn't this fixed in the following:
openssh (1:1.2.3-9.2) stable; urgency=high
* Non-maintainer upload by Security Team
* Added backported fix for a buffer overflow (thanks to Piotr
Roszatycki)
* Added modified build dependencies from unstable for convenience
* Added patch that fixes an rsa key exchange problem made public by CORE
SDI.
-- Martin Schulze <joey@debian.org> Thu, 8 Feb 2001 22:15:04 +0100
If it's a different exploit entirely, please ignore.
--
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
Reply to: