On Thu, Sep 18, 2003 at 06:29:32AM -1000, Deven Phillips wrote: > Thanks to quick action from our team at HCC, I am proud to say > that we had all of our systems patched as of 4PM yesterday > afternoon. Not bad for having to upgrade, patch, and test > 30+ productions machines without any serious interuptions to > service.
Can you be done by 3pm today? :/ http://www.openssh.com/txt/sshpam.adv Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). The OpenBSD releases of OpenSSH do not contain this code and are not vulnerable. Older versions of portable OpenSSH are not vulnerable. -Vince
