-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
With the third hotfix in eight days OpenSSH is getting quite unpopular in certain circles that roll up patches. ;o) Just today OpenSSH-3.7.1p2 has been released. If you have OpenSSH-3.7p1 or OpenSSH-3.7.1p1 or any OpenSSH older than that, then please take the time to upgrade again. OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM authentication code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). As our OpenSSH PKGs for the Sun Cobalt RaQs (and the Qube 3) do use privesep you shouldn't be vulnerable. However, better play it safe than sorry and grab the updates. More information about the vulnerability and other changes can be found in the release notes of OpenSSH-3.7.1p2. Release notes: http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2 The new OpenSSH PKGs for the RaQ3, RaQ4, RaQ XTR, RaQ550 and Qube 3 can be found on our download page. PKG download page: http://www.solarspeed.net/downloads/index.php - -- With best regards, Michael Stauber Solarspeed.net Public PGP Key: https://www.solarspeed.net/mstauber.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/cIb6EcjLwmf9gR4RAu83AJsFwaAZSx5MCrqZcppGqAaTdBemCwCgvMwW u4fDGrpza6icrCaQ0qD4Fm0= =jyeR -----END PGP SIGNATURE----- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
