On Wed, 2003-09-17 at 06:01, Avi Schwartz wrote: > On Wednesday, September 17, 2003, at 01:58 AM, T. Ribbrock wrote: > > > On Tue, Sep 16, 2003 at 10:05:18PM -0500, Avi Schwartz wrote: > >> Today, Mandrake has issued a security update to ssh (BTW, if you did > >> not update it yet, you better do it soon, before the exploit starts > >> circulating). > > [...] > > > > Well, while updating is definitely recommended, at least there seems to > > be no reason to panic yet. Quote from the OpenSSH advisory: > > > > "All versions of OpenSSH's sshd prior to 3.7.1 contain buffer > > management errors. It is uncertain whether these errors are > > potentially exploitable, however, we prefer to see bugs fixed > > proactively." > > > > Nonetheless, I just *love* the approach of the OpenSSH team. Would be > > great if everybody did it that way. > > > When it comes to SSH, I am always nervous. In the past, the admin at > the time, failed to update SSH and it was used to break into 3 of our > machines. So, yeah, I am nervous :-) > > Avi
True enough. But compared to Telnet it's a vault.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
