On Sun, Dec 23, 2001, Yotam Rubin wrote about "Re: http://www.linux.org.il/ rants":
> One crucially important update is ssh, whose version on iglu.org.il appears
> to be vulnerable to the CRC compensation bug, which may grant arbitrary
> access to attackers. You can try and convert that Redhat box to Debian,
> which will ease the strain of constantly monitoring updates and allow trivial
> upgradability. If I can assist you in any way, please tell me.

Right. If I remember correctly, OpenSSH 2.1.1 *was* vulnerable :(

There's no need to upgrade to Debian for this... What I do is just mirror
Redhat's updates directory (a mirror in Israel already exists in Netvision,
by the way, I think it is in redhat.netvision.net.il), and then periodically
(or when I read something interesting in bugtraq) just "rpm -Fvh" all these
updates.

If you already mirror these updates (after all, iglu.org.il contains mirrors,
doesn't it?), then it is trivial to use them! :)

The new OpenSSH has been in the updates directory for probably over 8 months...
please check...

--
Nadav Har'El                        | Sunday, Dec 23 2001, 8 Tevet 5762
[EMAIL PROTECTED]                   |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |If I am not for myself, who will be for
http://nadav.harel.org.il           |me? If I am only for myself, who am I?