On Tue Sep 23, 2003 at 06:51:53AM -0700, Ricardo (Tru64 User) wrote: [..] > greatest out there, and YES, i know Mandrake has > released an rpm patch for 3.6p1. But, with our > internal scan, anything running a version identified > as vulnerable, even if patched, is flagged. So i have > always used locally compiled versions of ssh. Anyone > else gone past this problem? > > Longing for a response/idea/suggestion/recommendation > only on getting openssh-3.7p1 to work.
Then you want 3.7.1p1. But... and this is just a friendly warning... 3.7.1p1 has been causing a lot of problems for various people, according to discussion on the openssh-dev mailing list. You might want to ignore your scanner in this instance and use the patched packages... it'll be more reliable. The latest and greatest is not always the greatest. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
