Re: [SECURITY] [DSA 119-1] ssh channel bug
On Fri, 8 Mar 2002, Michael Stone wrote:
> Since Debian 2.2 (potato) shipped with OpenSSH (the "ssh" package)
> version 1.2.3, it is not vulnerable to this exploit. No fix is required
> for Debian 2.2 (potato).
According to the alert above, potato's version of OpenSSH is previous to
the ones concerned. On my plain potato box, I get:
$ ssh -V
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
I don't see version 1.2.3, but a 2x version. Can anyone explain why I
shouldn't be concerned?
John
Reply to: