Re: ssh vulnerability in the wild

To: debian-security@lists.debian.org
Subject: Re: ssh vulnerability in the wild
From: Andrew Pimlott <andrew@pimlott.net>
Date: Tue, 16 Sep 2003 11:24:09 -0400
Message-id: <[🔎] 20030916152409.GA5987@pimlott.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.40.0309161559330.3755-100000@jehova.dsm.dk>
References: <[🔎] 20030916143038.GG27127@hoffentlich.net> <[🔎] Pine.LNX.4.40.0309161559330.3755-100000@jehova.dsm.dk>

On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
> Is there an emergency patch/workaround for this, if disabling ssh is not
> an option? Are systems with Privilege Separation affected?

There's already a new package on security.debian.org.  I can't
vouch for it myself, but here's the changelog:

openssh (1:3.4p1-1.1) stable-security; urgency=high

  * NMU by the security team.
  * Merge patch from OpenBSD to fix a security problem in buffer handling

 -- Wichert Akkerman <wakkerma@debian.org>  Tue, 16 Sep 2003 13:06:31 +0200

Andrew

Reply to:

References:
- Re: ssh vulnerability in the wild
  - From: Alexander Neumann <alexander@bumpern.de>
- Re: ssh vulnerability in the wild
  - From: Thomas Horsten <thomas@horsten.com>

Prev by Date: Re: ssh vulnerability in the wild
Next by Date: Re: ssh vulnerability in the wild
Previous by thread: Re: [d-security] Re: ssh vulnerability in the wild
Next by thread: Re: ssh vulnerability in the wild
Index(es):
- Date
- Thread