
Re: security report



Faheem Mitha <faheem@email.unc.edu> writes:

> I got the following security audit of a machine I recently installed
> Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The
> most serious problem appears to be with ssh. What should I do about this,
> if anything? 
> 
> Should I upgrade to a more recent version of ssh from testing? The current
> version of Openssh1.is at 1.2.3-9.3 and the most recent version is 2.9. In
> any case, I thought security vulnerabilities were supposed to be fixed in
> stable.

Security problems in stable packages are often fixed by back-porting
changes from later versions.  Hence just looking at the version number
of a package is in many cases an inadequate way of determining whether
it (still) contains a certain security hole.  It is best to look at
the change logs.  AFAIK, the problem you refer to was addressed by
DSA-027 <URL:http://www.debian.org/security/2001/dsa-027>.

If you have security.debian.org in your sources.list the fix should
have been installed when you apt-got.

-- 

Leonard Stiles <ljs@uk2.net>
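
The two checks the reply describes (read the package changelog instead of comparing version numbers, and confirm security.debian.org is an active apt source), as an added example that is not part of the original message. The changelog text, the fix label EXAMPLE-FIX-A, the mirror host and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not real package data.

# Print the version of every changelog stanza whose body matches a pattern.
# A Debian changelog stanza opens with: package (version) dist; urgency=...
stanzas_mentioning() {
    # $1 = changelog file, $2 = pattern (ERE, matched case-insensitively)
    awk -v pat="$2" '
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver); next }
        ver != "" && tolower($0) ~ tolower(pat) && !(ver in seen) {
            seen[ver] = 1; print ver
        }
    ' "$1"
}

# Succeed only if an active (uncommented) binary "deb" line names the
# security archive. "deb-src" alone does not deliver fixed binary packages.
has_security_source() {
    # $1 = path to a sources.list file
    grep -Eq '^[[:space:]]*deb[[:space:]]+[^#]*security\.debian\.org' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed changelog: same upstream version, fix back-ported in -9.3.
cat > "$tmp/changelog" <<'EOF'
ssh (1.2.3-9.3) stable; urgency=high

  * Back-port of security fix EXAMPLE-FIX-A from a later release
    (constructed entry).

 -- Example Maintainer <maint@example.invalid>  (constructed)

ssh (1.2.3-9) stable; urgency=low

  * Routine packaging change (constructed entry).
EOF

# Constructed sources.list files: security line commented out vs. active.
printf '%s\n' 'deb http://mirror.example.invalid/debian stable main' \
    '# deb http://security.debian.org stable/updates main' > "$tmp/sources.commented"
printf '%s\n' 'deb http://mirror.example.invalid/debian stable main' \
    'deb http://security.debian.org stable/updates main' > "$tmp/sources.active"

echo "fix recorded in: $(stanzas_mentioning "$tmp/changelog" 'EXAMPLE-FIX-A')"
has_security_source "$tmp/sources.commented" || echo "commented list: no security source"
has_security_source "$tmp/sources.active" && echo "active list: security source present"
```

On an installed system the input for the first function would be the package's own changelog, which Debian packages normally ship as /usr/share/doc/<package>/changelog.Debian.gz (decompress it first), and the second would be pointed at /etc/apt/sources.list.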


