Re: (fwd) OpenSSH trojan!

Halil Demirezen <halild@bilmuh.ege.edu.tr> writes:

> and we installed the ssh from the deb packages using
> the apt-get install utility.
> I wonder if there is any risk on this stable version of OpenSSH
> (Debian) independent of openbsd's source tarball?

There isn't an easy way to determine whether a Debian package is
authentic or not.  I'm not even sure what "authentic" means in this

The package you are referring to is probably not affected by the
OpenBSD incident, but you cannot be sure that it hasn't been
manipulated by some other means.

Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

