On Thu, Dec 02, 1999 at 10:27:29AM -0500, Eric Ding wrote:
> is anyone actively maintaining ssh 1.2.27 any longer? I know it is
> relatively stable, but the buffer overflow alert makes me wonder whether
> there will be an incremental 1.2.28 or 1.2.27a release to address the
> security issue for RSAREF users.
the upgrade from 1.2.26 to 1.2.27 took quite long, so
if you cannot use www.OpenSSH.com, here is a patch for
the rsaglue-overflow against 1.2.27
http://www.openbsd.org/cgi-bin/cvsweb/ports/security/ssh/patches/patch-ai?rev=1.5
note, that this does not cover the recent overflow in RSAREF itself.
-markus
- Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7... Ville Herva
- Re: ssh-1.2.27 remote buffer overflow - exploitable ... Markus Friedl
- Re: ssh-1.2.27 remote buffer overflow - exploita... Ville Herva
- Re: ssh-1.2.27 remote buffer overflow - expl... Bjoern Groenvall
- Re: ssh-1.2.27 remote buffer overflow - ... Ville Herva
- Re: ssh-1.2.27 remote buffer overflow - expl... Markus Friedl
- Re: ssh-1.2.27 remote buffer overflow - exploitable ... Eric Ding
- ssh-1.2.27 commands(including X commands) fail Markus Friedl
- ssh-1.2.27 commands(including X commands) fail Atsushi Kuroda
- Re: ssh-1.2.27 commands(including X commands... Theo Van Dinter
- Re: ssh-1.2.27 commands(including X commands... Tina M. Declerck
- Re: ssh-1.2.27 commands(including X commands... Gregor Mosheh
- Re: ssh-1.2.27 remote buffer overflow - exploitable ... Niels Provos
- Re: ssh-1.2.27 remote buffer overflow - exploita... Ville Herva
- Re: ssh-1.2.27 remote buffer overflow - expl... Wojtek Pilorz
- Re: ssh-1.2.27 remote buffer overflow - ... Carl J. Nobile
- configure-error... Jean Caron
- Re: configure-error... Gregor Mosheh
