Re: [SECURITY] [DSA-134-4] OpenSSH Remote Challenge Vulnerability

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA-134-4] OpenSSH Remote Challenge Vulnerability
From: Phillip Hofmeister <plhofmei@zionlth.org>
Date: Thu, 27 Jun 2002 09:24:39 -0400
Message-id: <[🔎] 20020627132439.GB27919@zionlth.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <E17NYje-0002Op-00@satie.debian.org>
References: <E17NYje-0002Op-00@satie.debian.org>

On Thu, Jun 27, 2002 at 02:50:54PM +0200, Michael Stone wrote:
> Debian 2.2 (potato) shipped with an ssh package based on OpenSSH
> 1.2.3, and is not vulnerable to the vulnerabilities covered by this
> advisory. Users still running a version 1.2.3 ssh package do not have
> an immediate need to upgrade to OpenSSH 3.4. Users who upgraded to the
> OpenSSH version 3.3 packages released in previous iterations of
> DSA-134 should upgrade to the new version 3.4 OpenSSH packages, as the
> version 3.3 packages are vulnerable. We suggest that users running
> OpenSSH 1.2.3 consider a move to OpenSSH 3.4 to take advantage of the
> privilege separation feature. (Though, again, we have no specific
> knowledge of any vulnerability in OpenSSH 1.2.3. Please carefully read
> the caveats listed below before upgrading from OpenSSH 1.2.3.) We
> recommend that any users running a back-ported version of OpenSSH
> version 2.0 or higher on potato move to OpenSSH 3.4.
> 
> 
Will the security team continue to support 1.2.3?

Phil


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Prev by Date: Re: [d-security] Re: DSA-134-1
Next by Date: Re: [SECURITY] [DSA-134-4] OpenSSH Remote Challenge Vulnerability
Previous by thread: [Fwd: Re: OpenSSH 3.4 released... should FIX problems]
Next by thread: Re: [SECURITY] [DSA-134-4] OpenSSH Remote Challenge Vulnerability
Index(es):
- Date
- Thread