Re: [d-security] Re: ssh vulnerability in the wild
Christian Hammers <ch@debian.org> écrivait (wrote) :
> On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
> > On Tue, 16 Sep 2003, Alexander Neumann wrote:
> >
> > > According to Wichert, the security team is already working on an update.
> >
> > Is there an emergency patch/workaround for this, if disabling ssh is not
> > an option? Are systems with Privilege Separation affected?
>
> The new version has already been installed. This was quick. Good work,
> security team.
Same for most boxes here but there seem to be a versioning conflict
between security update and woody proposed update :
apt-cache policy ssh
ssh:
Installed: 1:3.4p1-1.woody.1
Candidate: 1:3.4p1-1.woody.1
Version Table:
*** 1:3.4p1-1.woody.1 0
500 ftp://ftp.u-picardie.fr woody-proposed-updates/main Packages
100 /var/lib/dpkg/status
1:3.4p1-1.1 0
500 http://security.debian.org woody/updates/main Packages
1:3.4p1-1 0
500 ftp://ftp.u-picardie.fr woody/main Packages
I will force the security.debian.org version to apply but I think people
should be aware of the risq of using woody/updates and maybe one of the too
should be renumbered.
Jean Charles
Reply to: