On Wed, 17 Sep 2003, Declan Ingram wrote:
> CERT Advisory CA-2003-24 Buffer Management Vulnerability in OpenSSH > > Original release date: September 16, 2003 > Last revised: -- > Source: CERT/CC > > A complete revision history can be found at the end of this file. > > > Systems Affected > > * Systems running versions of OpenSSH prior to 3.7 > * Systems that use or derive code from vulnerable versions of > OpenSSH Thanks for the note.... some general questions about security updates: 1: what is the thinking about running apt-get update, upgrade as a cron in order to make sure that I don't miss any security updates? 2: how do I figure out the version number of ssh.... there doesn't seem to be a -v option of anything equally sensible :( 3: how hard it is to mirror the security changes locally so I can avoid downloading them for each box. Is there a how-to? I have three machines running woody. thanks... David -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
