<quote who="nate"> > <quote who="Phil Brutsche">
> i read the advisory. but I do not think it is complete. > > well i am pretty much convinced now that debian potato is not vulnerable to this if your running potato's version of OpenSSH. I read a few more advisories, and 2 from openbsd.org mention earlier then openssh2.3.1 is not affected by these specific vulnerabilties. and even in the newer ones its only vulnerable under a specific set of circumstances. and even then only affect SSH protocol 2. hardly the bug it was hyped to be. i guess thats good news though :) as colin(i think) mentioned the older ssh isn't quite as audited, so for some maybe its good to upgrade to 3.4 ..for me though my networks heavily depend on SSH1 +RSA authentication so I won't be deploying the new SSH right away ..i guess it depends on when woody is released. using the new SSH would require a lot of re configuration on several dozen servers, something i want to avoid unless its absolutely needed(or i get a spare weekend, yeah right like that'll happen!) nate (going to go ahead and unfirewall my potato systems tomorrow) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
