Re: (fwd) OpenSSH trojan!
Halil Demirezen <firstname.lastname@example.org> writes:
> and we installed the ssh from the deb packages using
> apt-get install utility.
> I wonder if there is any risk on this stable version of OpenSSH
> (Debian) independent from OpenBSD's source tarball?
There isn't an easy way to determine whether a Debian package is
authentic or not. I'm not even sure what "authentic" means in this
The package you are referring to is probably not affected by the
OpenBSD incident, but you cannot be sure that it hasn't been
manipulated by some other means.
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898