Re: openssh packages not vulnerable

2002-06-27 Thread Florian Weimer
Paul Baker [EMAIL PROTECTED] writes:
> So as it turns out, AFAIK, none of the versions of OpenSSH in Debian were actually vulnerable to the exploit found by ISS and reported in DSA-134.

The 3.3p1 packages are vulnerable in some configurations. :-(

-- Florian Weimer[EMAIL

Re: openssh packages not vulnerable

2002-06-27 Thread John Galt
Note that Potato users actually BECAME vulnerable by installing this security fix.

On Thu, 27 Jun 2002, Florian Weimer wrote:
> Paul Baker [EMAIL PROTECTED] writes:
> > So as it turns out, AFAIK, none of the versions of OpenSSH in Debian were actually vulnerable to the exploit found by ISS and

openssh packages not vulnerable

2002-06-26 Thread Paul Baker
So as it turns out, AFAIK, none of the versions of OpenSSH in Debian were actually vulnerable to the exploit found by ISS and reported in DSA-134. Potato wasn't vulnerable because it is SSH1 only, and the problem lies in the

Re: openssh packages not vulnerable

2002-06-26 Thread Travis Cole
On Wed, Jun 26, 2002 at 02:35:21PM -0500, Paul Baker wrote:
> I'm curious what recourse Debian is planning to take now? Perhaps removing the buggy OpenSSH 3.3 packages off of security.debian.org so people don't upgrade to it since it's not at all necessary and it will only cause problems

Re: openssh packages not vulnerable

2002-06-26 Thread Richard
On Wed, 26 Jun 2002, Paul Baker wrote:
> I'm curious what recourse Debian is planning to take now? Perhaps removing the buggy OpenSSH 3.3 packages off of security.debian.org so people don't upgrade to it since it's not at all necessary and it will only cause problems like screwing up

Re: openssh packages not vulnerable

2002-06-26 Thread Paul Baker
On Wednesday, June 26, 2002, at 03:50 PM, Richard wrote:
> Even worse, on 2.0.x kernels PrivilegeSeparation doesn't work, rendering sshd useless for interactive sessions or making it vulnerable if you disable it.

All Debian versions of ssh packages are not vulnerable, AFAIK. I'm hoping the