Bug#211351: ssh: Security - DSA-382-1 is based on 1st (obsolete revision) of OpenSSH Security advisory
Package: ssh
Version: 1:3.4p1-1.1
Severity: critical
Security pacth is based on 1st revision of OpenSSH Security Advisory: buffer.adv
Now, 2nd version is available see: http://www.openssh.com/txt/buffer.adv
According to this advisory Debian package SSH 1:3.4p1-1.1 is still vulnerable.
And there are rumours about exploit floating in underground.
See: http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.html
-- System Information
Debian Release: 3.0
Kernel Version: Linux aqua 2.4.22 #1 Tue Aug 26 18:51:45 CEST 2003 i686 unknown
Versions of the packages ssh depends on:
ii adduser 3.47 Add and remove users and groups
ii debconf 1.0.32 Debian configuration management system
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries and Timezone
ii libpam-modules 0.72-35 Pluggable Authentication Modules for PAM
ii libpam0g 0.72-35 Pluggable Authentication Modules library
ii libssl0.9.6 0.9.6c-2.woody SSL shared libraries
ii libwrap0 7.6-9 Wietse Venema's TCP wrappers library
ii zlib1g 1.1.4-1 compression library - runtime
Reply to: