I received this today: Thu Aug 1 14:40:28 MEST 2002
The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp server ftp.openbsd.org has been trojaned with code that opens network connections to a server in the internet (203.62.158.32:6667) at compile time. The backdoor does not have any influence on the runtime behaviour of the package to our current knowlege. As of now, the package on the openbsd ftp server has not been removed/cleaned. The SuSE openssh package for SuSE Linux 8.0 has the same version 3.4p1, but it is built from non-trojaned sources. Therefore, the SuSE openssh packages are not affected by this backdoor. We thank our users who have expressed their concerns about the backdoor when they notified SuSE Security, and to Len Rose from [EMAIL PROTECTED] Regards, Roman Drahtmüller, SuSE Security. - -- - - | Roman Drahtmüller <[EMAIL PROTECTED]> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | -- Manfred Schuler E_Mail: mailto:[EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
