[This is really aimed at fink-devel, but I've cc'ed -users too as I'm not sure if I'm properly subscribed to -devel at the moment...]
There's a remote security exploit in versions of OpenSSH prior to this week's release of 3.4. From: http://slashdot.org/article.pl?sid=02/06/26/1547242 Dan writes: "OpenSSH 3.4 has been released and will be shortly available on all mirrors. All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 fixes this bug." And kylus writes: "The previously-mentioned vulnerability in OpenSSH has been disclosed by ISS X-Force today on the BugTraq list. This is a potential remote root compromise, and while there is a workaround, it's advised that users upgrade to version 3.4 as soon as they can." http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0 Fink is currently providing a package for 3.2.2, which is one of the vulnerable versions. Will an upgrade be coming out, Max? -- Chris Devers [EMAIL PROTECTED] DO NOT LEAVE IT IS NOT REAL ------------------------------------------------------- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
