D&C Lug - Home Page
Devon & Cornwall Linux Users' Group

[ Date Index ][ Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability



Theo Zourzouvillys wrote:

Arghghghghhghgh this is the week of serious bugs!!

Theo de Raadt announced that the OpenBSD team is working with ISS
on a remote exploit for OpenSSH (a free implementation of the
Secure SHell protocol). They are refusing to provide any details on
the vulnerability but instead are advising everyone to upgrade to
the latest release, version 3.3.

Seems ISS treat them better than the Apache team, or maybe they
learnt their lesson?

Haven't seen anything suggesting the Apache bug is exploitable
on Linux, but I wouldn't take the chance.

Theo made it very clear this new version does not fix the
vulnerability

This doesn't sound like good news.

:(

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.


Lynx friendly