According to the reg article http://theregister.co.uk/content/5/24387.html on the zlib vulnerability, ssh is one of the apps that contains the zlib bug built in (ie, the old cut and paste of the code or static linkage), but when I do 'ldd /usr/bin/ssh', I see that it dynamically links with zlib. So maybe they are referring to ssh, not openssh?
I upgraded to the zlib 1.1.4, which fixes the bug. Anyone know whether I can now rest easy as far as ssh is concerned? I didn't find any mention of the problem on the openssh site, strangely enough. Thanks, John Hunter version info: OpenSSH_3.0.2p1 on RHL 7.1 For anyone who hasn't done so yet, the following incantation will bring you up to speed on most linuxes: su cd /var/tmp wget http://prdownloads.sourceforge.net/libpng/zlib-1.1.4.tar.gz tar xvfz zlib-1.1.4.tar.gz cd zlib-1.1.4 configure -s --prefix=/usr make install _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
