Thanks for the update, Michael Regards Dave ----- Original Message ----- From: "Michael Stauber" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 23, 2003 1:46 PM Subject: [cobalt-security] OpenSSH-3.7.1p2 released
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all, > > With the third hotfix in eight days OpenSSH is getting quite unpopular in > certain circles that roll up patches. ;o) > > Just today OpenSSH-3.7.1p2 has been released. > > If you have OpenSSH-3.7p1 or OpenSSH-3.7.1p1 or any OpenSSH older than that, > then please take the time to upgrade again. > > OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new > PAM authentication code. At least one of these bugs is remotely exploitable > (under a non-standard configuration, with privsep disabled). > > As our OpenSSH PKGs for the Sun Cobalt RaQs (and the Qube 3) do use privesep > you shouldn't be vulnerable. However, better play it safe than sorry and grab > the updates. > > More information about the vulnerability and other changes can be found in the > release notes of OpenSSH-3.7.1p2. > > Release notes: > http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2 > > The new OpenSSH PKGs for the RaQ3, RaQ4, RaQ XTR, RaQ550 and Qube 3 can be > found on our download page. > > PKG download page: > http://www.solarspeed.net/downloads/index.php > > - -- > > With best regards, > > Michael Stauber > Solarspeed.net > > Public PGP Key: https://www.solarspeed.net/mstauber.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) > > iD8DBQE/cIb6EcjLwmf9gR4RAu83AJsFwaAZSx5MCrqZcppGqAaTdBemCwCgvMwW > u4fDGrpza6icrCaQ0qD4Fm0= > =jyeR > -----END PGP SIGNATURE----- > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
