[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#506115: openssh: Plaintext Recovery Attack Against SSH

package: openssh
servity: grave
tag: security upstream

Hi OpenSSH package maintainers (and lists),

 I saw new OpenSSH vulnerability issue.
 See http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

 It says
"The attack was verified against the following product version running on Debian GNU/Linux:

- OpenSSH 4.7p1

Other versions are also affected. Other implementations of the SSH
protocol may also be affected."

 and upstream was reported this issue by CPNI (they say). IMHO, we should
 contact to upstream and wait to be put a solution from them.


 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp

Attachment: pgpwSNg7Fv5ao.pgp
Description: PGP signature

Reply to: