---- Original Message ---- From: "Kevin McDermott" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, June 26, 2002 3:34 PM Subject: [scottish] OpenSSH Vulnerability
> Ok, > > So you've seen the hype, but the Advisory has now been released, and > the exploit-fixing commit was committed to the OpenBSD code with in > the last few hours (available through their public cvsweb). > > http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 > > Those on larger installations probably wanna close their firewalls to > ssh while they get on the case. openssh-3.4p1 is available now from www.openssh.com - the new privilege separation means that you can't use compression over the ssh link anymore :( but that's a small price to pay for not getting your machine b0rked! :) -- _ __/| ___ ___ __ _________ "Hell hath no fury like a woman scorned \`O_o' / _ \/ -_) // / __/ _ \ for Sega." -- Brodie, 'Mallrats' =(_ _)=/_//_/\__/\_,_/_/ \___/ @ well.com :: William Anderson U - Ack! Phttpt! Thhbbt! http://neuro.me.uk/ -------------------------------------------------------------------- http://www.lug.org.uk http://www.linuxportal.co.uk http://www.linuxjob.co.uk http://www.linuxshop.co.uk --------------------------------------------------------------------
