I don't know how you managed it (given that openssh-server depends on a
good enough version; perhaps you have it on hold or something?), but
that version of libssl0.9.8 is absolutely vulnerable. You need to
upgrade to 0.9.8g-9 or newer.
I'm having the same problem on 64bit etch - apt-get
Ugh - sorry for the extra post - but I found bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481519
and had the same problem - somewhere I managed to get a testing verion
of libssl0.9.8 - a downgrade fixed my problem.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
Package: openssh-server
Version: 1:4.3p2-9etch1
Severity: important
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-xen-686
Locale: LANG=en_US.UTF-8,
Am Freitag, 16. Mai 2008 11:42 schrieb Debian Bug Tracking System:
This is an automatic notification regarding your Bug report
which was filed against the openssh-server package:
#481446: openssh-server: openssh does not start complaining about
comprimised keys with new generated keys
It
On Fri, May 16, 2008 at 11:57:16AM +0200, Michael Schwartzkopff wrote:
thanks for the explanation. I understood that my system still creates
comprimised keys. I did a full apt-get update and apt-get upgrade. After
thank I installed ssh with
apt-get install openssh-server openssh-client
5 matches
Mail list logo