Le vendredi 23 mai 2008 18:05, Paul Marques Mota a écrit : | Je ne crois pas pas que ce soit passé ici, mais il il y a eu un gros | bug de sécurité sur les versions debian de ssh la semaine dernière, et | toutes les distributions dérivées sont concernées (dont ubuntu):
http://www.debian.org/security/2008/dsa-1571 http://www.debian.org/security/2008/dsa-1576 Ainsi que 1576-2 ci-dessous mais dont je ne retrouve pas l'url : ------------------------------------------------------------------------ Debian Security Advisory DSA-1576-2 [EMAIL PROTECTED] http://www.debian.org/security/ Noah Meyerhans May 16, 2008 http://www.debian.org/security/faq ------------------------------------------------------------------------ Package : openssh Vulnerability : predictable random number generator Problem type : remote Debian-specific: yes CVE Id(s) : CVE-2008-0166 Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in openssh 1:4.3p2-9etch1 (see DSA 1576-1). This could cause some compromised keys not to be listed in ssh-vulnkey's output. This update also adds more information to ssh-vulnkey's manual page. For the stable distribution (etch), this problem has been fixed in version 1:4.3p2-9etch2 We recommend that you upgrade your openssh (1:4.3p2-9etch2) package. -- Cordialement Alain Vaugham -------------------------------------------------------- [PUB] Signature numérique GPG de ce courrier: 0xD26D18BC
pgpH5Nk9IG8lw.pgp
Description: PGP signature
_________________________________ Linux mailing list Linux@lists.parinux.org http://lists.parinux.org/mailman/listinfo/linux
