Re: Which ssh should I have?
* Ted Cabeen <ted@impulse.net> [011107 18:11]:
> Make sure that you have the security site in your
> /etc/apt/sources.list file. If you do, and apt-get update; apt-get
> upgrade says you're up to date, then you're fine. In general, the
> security team patches the current version to fix security bugs in
> stable rather than upgrade to a newer version. That could be
> confusing your sysadmin. The CRC bug was patched in debian as of ssh
> version 1.2.3-9.2. You can look at the changelog in
> /usr/share/doc/ssh/changelog.Debian.gz for specific information.
Thanks for info. Yes, I have that line in my sources.list, and I also
believe I am fine. Our network admin used the nessus ssh plugin to scan
the network. He only says that nessus gives a warning about my computer
(concerning the crc bug) and knows nothing more. He uses debian himself
but with openssh 2.9p. In his case nessus doesn't complain.
Reply to: