patch your systems - new openssh exploit out
James R. Van Zandt
jrv at vanzandt.mv.com
Wed Sep 17 20:22:55 EDT 2003
On Tue, 16 Sep 2003 22:58:37 -0400 Johannes Ullrich
<jullrich at euclidian.com> wrote:
> To make things more interesting, there have been two OpenSSH updates
> today. The first one, released early morning as 3.7p1 fixed buffer.c.
> Later (couple hours ago), 3.7.1 was released. According to the notes,
> it fixes additional issues.
>
> I am not sure which version made it into the updates various distros
> released.
Debian just got its third update in two days, including both sets
of fixes:
openssh (1:3.6.1p2-8) unstable; urgency=high
* Merge more buffer allocation fixes from new upstream version
3.7.1p1 (closes: #211324).
-- Colin Watson <cjwatson at debian.org> Wed, 17 Sep 2003 03:07:19 +0100
openssh (1:3.6.1p2-7) unstable; urgency=high
...
* Incorporate NMU fix for early buffer expansion vulnerability,
CAN-2003-0693 (closes: #211205). Thanks to Michael Stone.
-- Colin Watson <cjwatson at debian.org> Tue, 16 Sep 2003 14:32:28 +0100
openssh (1:3.6.1p2-6.0) unstable; urgency=high
* SECURITY: fix for CAN-2003-0693, buffer allocation error
-- Michael Stone <mstone at debian.org> Tue, 16 Sep 2003 08:27:07 -0400
- Jim Van Zandt
More information about the Discuss
mailing list