On Sat, Dec 18, 1999 at 11:38:01PM -0700, Axalon Bloodstone wrote:
> On Sat, 18 Dec 1999, Ramon Gandia wrote:
> > "Ronald J. Yacketta" wrote:
> > >
> > > Michael Flaig wrote:
> > > >
> > > > Hello !
> > > > How can I get SSH for Mandrake 6.1 ?
> > > > It is needed for Servers ... to get Access from some remote stations ...
> > > >
> > > > It is not delivered with the Mandrake GPL Distribution ...
> > > > I canīt find it ...
> >
> > The 1.2.28 version should be released soon to cover this
> > security hole. It would also be possible to get the
> > 1.2.27 version in source form and do the security patch
> > and then reinstall.
> >
> > ssh 2.x is not affected.
Snip...I am surprised the OpenSSH hasn't come up in this thread.
OpenSSH wasn't effected by the recent RSAREF fiasco, and it is
completely legal for use in the US (as no patented algorithms are
being supported).
www.openssh.org
Shane Owenby
IBM Linux Technology Center
> >
> > The CERT advisory on ssh 1.2.27 and prior just came out this
> > week on Wednesday. Its a critical security hole if you have
> > your /etc/hosts.deny and /etc/hosts.allow files set up to
> > allow global ssh logins (most are, and is the default in that
> > ssh is not mentioned in those files, leaving them wide open).
>
> as always CERT right on top of things.. Not
It was on BUGTRAQ a week or so earlier IIRC. :)
> Away i'm still not allowed to touch crypto, i'll see with yoann to get you
> guys an update as soon as it's avaiable
That sux...hopefully those moronic laws will change soon :)
