potato not affected by SSH bug (was Re: debian potato's SSH not affected by SSH bug?)
<quote who="nate">
> <quote who="Phil Brutsche">
> i read the advisory. but I do not think it is complete.
>
>
well i am pretty much convinced now that debian potato is not vulnerable
to this if your running potato's version of OpenSSH. I read a few
more advisories, and 2 from openbsd.org mention earlier then openssh2.3.1
is not affected by these specific vulnerabilties. and even in the newer ones
its only vulnerable under a specific set of circumstances. and even
then only affect SSH protocol 2.
hardly the bug it was hyped to be.
i guess thats good news though :)
as colin(i think) mentioned the older ssh isn't quite as audited,
so for some maybe its good to upgrade to 3.4 ..for me though my
networks heavily depend on SSH1 +RSA authentication so I won't
be deploying the new SSH right away ..i guess it depends on when
woody is released. using the new SSH would require a lot of re
configuration on several dozen servers, something i want to
avoid unless its absolutely needed(or i get a spare weekend,
yeah right like that'll happen!)
nate
(going to go ahead and unfirewall my potato systems tomorrow)
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: