Dan Harkless wrote: > > Argh. I tried to forward the below CERT advisory to the list yesterday but > it was rejected because I used a MIME-based forward. The list rejects such > posts without bouncing them back to you, which is quite broken behavior, > thus I need to re-compose this intoductory text. > > Looking at the series of OpenSSL vulnerabilities discussed below, it would > *appear* that OpenSSH is not affected by them (a Bugtraq search and a look > at <http://www.openssh.org/security.html> didn't reveal a more canonical > answer). > > However, if there are *any* known security holes in libssl, it would seem > like a good idea for someone to recompile ssh.lrp and sshd.lrp with OpenSSL > 0.9.6e when they have a chance. It appears that at least some Linux distros > have released new OpenSSH packages built against the fixed OpenSSL.
Already done - yesterday: <http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/helices/openssh/> Message-ID: <[EMAIL PROTECTED]> -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html