[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: is openssh version (in potato) 1.2.3-9.4 vulnerable?

The new version of Nessus (in testing) is complaining about this too.

I think, from looking at the bug reports etc., that in potato the offending versions of ssh and 
openssh have been patched so that, although your version number indicates that you have a problem, the 
truth is that you're safe. All of this is, of course, dependent on you being up to date with 
security.debian.org updates.

Can someone confirm this please...

Thanks,

Liam

On 22 Feb 2002 at 9:11, Walter Tautz wrote:

> the following reports:
> 
> http://www.cert.org/incident_notes/IN-2001-12.html
>      http://www.cert.org/advisories/CA-2001-35.html
> 
> which apparently refers to ssh1 crc-32 compensation attack detector
> and some other problems?
> 
>   Judging from the page there openssh is fixed only in version 2.3.0
>   and later? Or has the one in potato been patched so that none of
>   these vulnerabilities.
> 
> -walter
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 
> 


-- 
Liam Ward
DV4
t: +353 1 672 7250
e: liam@dv4.com
w: www.dv4.com
Reply to: