On Tue, Sep 16, 2003 at 10:05:18PM -0500, Avi Schwartz wrote:
> Today, Mandrake has issued a security update to ssh (BTW, if you did
> not update it yet, you better do it soon, before the exploit starts
> circulating).
[...]
Well, while updating is definitely recommended, at least there seems to
be no reason to panic yet. Quote from the OpenSSH advisory:
"All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
management errors. It is uncertain whether these errors are
potentially exploitable, however, we prefer to see bugs fixed proactively."
Nonetheless, I just *love* the approach of the OpenSSH team. Would be
great if everybody did it that way.
Cheerio,
Thomas
--
-----------------------------------------------------------------------------
Thomas Ribbrock http://www.ribbrock.org
"You have to live on the edge of reality - to make your dreams come true!"
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
