
Re: Security question: are these vulnerabilities addressed?



Kamaraju S Kusumanchi <kamaraju@bluebottle.com> writes:

> Scott Gifford wrote:
>
>
>>     CVE-2006-0225    OpenSSH Local SCP Shell Command Execution
> From /usr/share/doc/openssh-server/changelog.Debian.gz on Debian Etch
> machine running openssh-server 4.3p2-9, this was fixed in 1:4.3p2-1

Thanks, from the bug tracking database it looks like this wasn't
addressed for Sarge (see bug 349645), which is unfortunate.

> No idea about other stuff.
>
> BTW, is upgrade to Etch from Sarge not an option in your case? 

Our upgrade from Woody to Sarge was so disastrous, I will need more
time for this client to forget about it before I can propose another
upgrade.  :-)

> Sarge is old and Etch is the new stable version.

"old" is perhaps a bit strong of a word for a release that was
state-of-the-art as of about 7 weeks ago, and is still supported for
another 10 months...

---Scott.


