Thanks..... Mmmhhhhh.....hard keeping up, but i like my Mandy box, and the only way to keep it is comply with policies....I dont make them unfortunately....
--- Vincent Danen <[EMAIL PROTECTED]> wrote: > On Tue Sep 23, 2003 at 09:52:53AM -0600, Vincent > Danen wrote: > > > [..] > > > greatest out there, and YES, i know Mandrake has > > > released an rpm patch for 3.6p1. But, with our > > > internal scan, anything running a version > identified > > > as vulnerable, even if patched, is flagged. So i > have > > > always used locally compiled versions of ssh. > Anyone > > > else gone past this problem? > > > > > > Longing for a > response/idea/suggestion/recommendation > > > only on getting openssh-3.7p1 to work. > > > > Then you want 3.7.1p1. > > > > But... and this is just a friendly warning... > 3.7.1p1 has been causing a > > lot of problems for various people, according to > discussion on the > > openssh-dev mailing list. You might want to > ignore your scanner in this > > instance and use the patched packages... it'll be > more reliable. > > > > The latest and greatest is not always the > greatest. > > Sorry, you want 3.7.1p2 (released today). They > turned pam off by default > and introduced two new vulnerabilities in 3.7.x that > weren't in 3.6.x. > > How's that for wanting to stick with a patched > version? > > (And people wanted 3.7 in cooker/updates... tsk tsk > tsk) > > -- > MandrakeSoft Security; > http://www.mandrakesecure.net/ > Online Security Resource Book; http://linsec.ca/ > "lynx -source http://linsec.ca/vdanen.asc | gpg > --import" > {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 > FE6F 2AFD} > > > ATTACHMENT part 2 application/pgp-signature __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
