You might want to read this: (from LWN.NET)
Theo de Raadt has announced a vulnerability in OpenSSH. "There is an upcoming OpenSSH vulnerability that we're working on with ISS. Details will be published early next week." The latest version, 3.3, does not specifically fix the problem, but it creates an environment in which the bug may not compromise your system. While waiting for the actual fix, you may want to upgrade to 3.3. =================================== Note to all that the PrivSep feature of 3.3 does not work with compression enabled (the default) ON KERNEL 2.2.x; You need to turn of compression for it to work. Be warned! Updating a remote openssh, kernel 2.2. system with both privsep and compression enabled will make the ssh server bomb out and the result is you will loose the ability to connect to the remote ssh server, which means... Ian _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
