Re: Security question: are these vulnerabilities addressed?
Kamaraju S Kusumanchi <kamaraju@bluebottle.com> writes:
> Scott Gifford wrote:
>
>
>> CVE-2006-0225 OpenSSH Local SCP Shell Command Execution
> From /usr/share/doc/openssh-server/changelog.Debian.gz on Debian Etch
> machine running openssh-server 4.3p2-9, this was fixed in 1:4.3p2-1
Thanks, from the bug tracking database it looks like this wasn't
addressed for Sarge (see bug 349645), which is unfortunate.
> No idea about other stuff.
>
> BTW, is upgrade to Etch from Sarge not an option in your case?
Our upgrade from Woody to Sarge was so disastrous, I will need more
time for this client to forget about it before I can propose another
upgrade. :-)
> Sarge is old and Etch is the new stable version.
"old" is perhaps a bit strong of a word for a release that was
state-of-the-art as of about 7 weeks ago, and is still supported for
another 10 months...
---Scott.