rious hole is in
> > > > all versions of OpenSSH shipped with all versions of RedHat:
> > > > http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
> > >
> > > does any redhat ship with 'ChallengeResponseAuthentication yes' as
&
Craig Kelley ([EMAIL PROTECTED]) said:
> Redhat 6.2 had ChallengeResponseAuthentication = no, but that line is
> commented out by default.
>
> Does anyone from RedHat have any comment on this?
Red Hat never shipped OpenSSH in Red Hat Linux 6.2 (or ear
On Thu, 27 Jun 2002, John Summerfield wrote:
>
> >
> > > The 6.2 version is commented out, but the 'no' value is what is commented
> > > out
> > >
> >
> > According to some folks on Slashdot and Valhalla-list, they think Red
> > Hat 7.x is not vulnerable to this exploit because it doesn
>
> > The 6.2 version is commented out, but the 'no' value is what is commented
> > out
> >
>
> According to some folks on Slashdot and Valhalla-list, they think Red
> Hat 7.x is not vulnerable to this exploit because it doesn't appear to
> have used that compile time option.
>
> Can an
On Wed, 2002-06-26 at 09:52, Craig Kelley wrote:
> On Wed, 26 Jun 2002, Dan Hollis wrote:
>
> > On Wed, 26 Jun 2002, Craig Kelley wrote:
> > > I know you're all probably aware of this by now, but a serious hole is in
> > > all versions of OpenSSH
On Wed, 26 Jun 2002, Dan Hollis wrote:
> On Wed, 26 Jun 2002, Craig Kelley wrote:
> > I know you're all probably aware of this by now, but a serious hole is in
> > all versions of OpenSSH shipped with all versions of RedHat:
> > http://online.securityfocus.com/archiv
On Wed, 26 Jun 2002, James Olin Oden wrote:
> >
> >
> > I know you're all probably aware of this by now, but a serious hole is in
> > all versions of OpenSSH shipped with all versions of RedHat:
> >
> > http://online.securityfocus.com/archive/1/
On Wed, 26 Jun 2002, Dan Hollis wrote:
> On Wed, 26 Jun 2002, Craig Kelley wrote:
> > I know you're all probably aware of this by now, but a serious hole is in
> > all versions of OpenSSH shipped with all versions of RedHat:
> > http://online.securityfocus.com/archiv
On Wed, 26 Jun 2002, Craig Kelley wrote:
> I know you're all probably aware of this by now, but a serious hole is in
> all versions of OpenSSH shipped with all versions of RedHat:
> http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
does any re
y, that my site has chosen to run
a different (non-RedHat Default) version of SSH due to some quirks
regarding differences in the management of public and private keys. The
version we ended up with does NOT claim to be OpenSSH, but instead just
ssh: SSH Version x.y.z
or, when connectin
>
>
> I know you're all probably aware of this by now, but a serious hole is in
> all versions of OpenSSH shipped with all versions of RedHat:
>
> http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
This was, according to Theo De Raadt, not su
I know you're all probably aware of this by now, but a serious hole is in
all versions of OpenSSH shipped with all versions of RedHat:
http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
Someone needs to beat ISS up a bit, IMHO; this is irresponsible. The
David,
On Sun, 2 Jun 2002, David Juran wrote:
> Riku Meskanen wrote:
> > Howdy,
> >
> > I noticed that the new releas of the OpenSSH 3.2.3p1
> > rpm package,
> >
> > ftp://ftp.openbsd.org/
> >
> > rpm --rebuild --define "build_6x 1" o
Riku Meskanen wrote:
> Howdy,
>
> I noticed that the new releas of the OpenSSH 3.2.3p1
> rpm package,
>
> ftp://ftp.openbsd.org/
>
> rpm --rebuild --define "build_6x 1" openssh-3.2.3p1-1.src.rpm
>
> fails on Red Hat 6.2 because the build6x does no
t; > On Sat, 25 May 2002, Riku Meskanen wrote:
> > > > >
> > > > > rpm --rebuild --define "build_6x 1" openssh-3.2.3p1-1.src.rpm
> > > > >
> > > > > fails on Red Hat 6.2 because the build6x does not
> > > > > unfortunately exclude
On Tue, May 28, 2002 at 02:14:32PM -0400, Trond Eivind Glomsr?d wrote:
> Florin Andrei <[EMAIL PROTECTED]> writes:
>
> > On Sun, 2002-05-26 at 01:24, Pekka Savola wrote:
> > > On Sat, 25 May 2002, Riku Meskanen wrote:
> > > >
> > > > rpm --rebu
Pekka Savola <[EMAIL PROTECTED]> writes:
> On Sat, 25 May 2002, Riku Meskanen wrote:
> > Howdy,
> >
> > I noticed that the new releas of the OpenSSH 3.2.3p1
> > rpm package,
> >
> > ftp://ftp.openbsd.org/
> >
> > rpm --rebuild --define
On Sun, 26 May 2002, Pekka Savola wrote:
> On Sun, 26 May 2002, Riku Meskanen wrote:
> > On Sun, 26 May 2002, Pekka Savola wrote:
> > > On Sat, 25 May 2002, Riku Meskanen wrote:
> > > > Howdy,
> > > >
> > > > I noticed that the
On Sun, 26 May 2002, Riku Meskanen wrote:
> On Sun, 26 May 2002, Pekka Savola wrote:
> > On Sat, 25 May 2002, Riku Meskanen wrote:
> > > Howdy,
> > >
> > > I noticed that the new releas of the OpenSSH 3.2.3p1
> > > rpm package,
> > >
> >
On Sun, 26 May 2002, Pekka Savola wrote:
> On Sat, 25 May 2002, Riku Meskanen wrote:
> > Howdy,
> >
> > I noticed that the new releas of the OpenSSH 3.2.3p1
> > rpm package,
> >
> > ftp://ftp.openbsd.org/
> >
> > rpm --rebuild --define "bu
On Sat, 25 May 2002, Riku Meskanen wrote:
> Howdy,
>
> I noticed that the new releas of the OpenSSH 3.2.3p1
> rpm package,
>
> ftp://ftp.openbsd.org/
>
> rpm --rebuild --define "build_6x 1" openssh-3.2.3p1-1.src.rpm
>
> fails on Red Hat 6.2 because the
Howdy,
I noticed that the new releas of the OpenSSH 3.2.3p1
rpm package,
ftp://ftp.openbsd.org/
rpm --rebuild --define "build_6x 1" openssh-3.2.3p1-1.src.rpm
fails on Red Hat 6.2 because the build6x does not
unfortunately exclude Kerberos5, I'm appending a
small patch that fi
a with openssl095a-0.9.5a
> > 4) Recompile latest openssl from 7.2
> > 5) Install
> > 6) Rebuild openssh-3.1p1
> > 7) Install or upgrade
> > 8) Make sure before you log off from another window that you are
> >still able to login to the system and the configura
7.2
> 5) Install
> 6) Rebuild openssh-3.1p1
> 7) Install or upgrade
> 8) Make sure before you log off from another window that you are
>still able to login to the system and the configuration at
>/etc/sshd_config and /etc/ssh_config suits your needs.
This is great!
Howe
gt; > > >
> > > > > > ... So I'm hoping Red Hat comes up with theirs soon. :-)
> > > > >
> > > > > Red Hat never shipped official openssh packages for 6.2...
> > > >
> > > > OpenSSH 3.1 also requires OpenSSL
> > > > > They have 7.2 packages, but I tried 'rpm --rebuild'ing the SRPMs from there
> > > > > for my 6.2 systems and the rebuild failed with a pile of errors.
> > > > >
> > > > > ... So I'm hoping Red Hat comes up with th
27;rpm --rebuild'ing the SRPMs from there
> > > > for my 6.2 systems and the rebuild failed with a pile of errors.
> > > >
> > > > ... So I'm hoping Red Hat comes up with theirs soon. :-)
> > >
> > > Red Hat never shipped official
x27;ing the SRPMs from there
> > > > for my 6.2 systems and the rebuild failed with a pile of errors.
> > > >
> > > > ... So I'm hoping Red Hat comes up with theirs soon. :-)
> > >
> > > Red Hat never shipped official openssh packages
ms and the rebuild failed with a pile of errors.
> > >
> > > ... So I'm hoping Red Hat comes up with theirs soon. :-)
> >
> > Red Hat never shipped official openssh packages for 6.2...
>
> OpenSSH 3.1 also requires OpenSSL 0.9.6 or newer to build, which
On Thu, 7 Mar 2002, Nalin Dahyabhai wrote:
> OpenSSH 3.1 also requires OpenSSL 0.9.6 or newer to build, which we
> haven't backported to 6.2. I'm sure this isn't going to be pretty.
openssl 0.9.6a compiles out of the box for 6.2 without a single problem.
ive been running o
> > ... So I'm hoping Red Hat comes up with theirs soon. :-)
>
> Red Hat never shipped official openssh packages for 6.2...
OpenSSH 3.1 also requires OpenSSL 0.9.6 or newer to build, which we
haven't backported to 6.2. I'm sure this isn't going to be pretty.
Pete Peterson ([EMAIL PROTECTED]) said:
> They have 7.2 packages, but I tried 'rpm --rebuild'ing the SRPMs from there
> for my 6.2 systems and the rebuild failed with a pile of errors.
>
> ... So I'm hoping Red Hat comes up with theirs soon. :-)
Red Hat nev
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: New Openssh packages? When?
>
> >|Any idea when new openssh packages will be released?
>
> Get them now at http://www.openssh.com.
>
> Bob T.
They have 7.2 packages, but I tried 'rpm --r
>|Any idea when new openssh packages will be released?
Get them now at http://www.openssh.com.
Bob T.
___
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
HEllo...
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=60829
Joseph Tate wrote:
> Any idea when new openssh packages will be released? There's a pretty
> serious hole that was just found:
> http://www.pine.nl/advisories/pine-cert-20020301.txt
>
> Anyway. I'
Any idea when new openssh packages will be released? There's a pretty
serious hole that was just found:
http://www.pine.nl/advisories/pine-cert-20020301.txt
Anyway. I'd like to get my systems all updated ASAP.
Joseph
___
Redhat-devel-li
"Bert Vortman" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> I was trying to install openssh from rawhide,
> it asked for libcrypto.so.3...
> somewhere else?), or should i recompile openssh?
Recompile (re
On Thu, Feb 14, 2002 at 08:49:01AM -0500, Bert Vortman wrote:
> I was trying to install openssh from rawhide,
> it asked for libcrypto.so.3, which should be present in
> glibc, but is not. Am i missing something here (is libcrypt moved
> somewhere else?), or should i recompile o
Hi,
I was trying to install openssh from rawhide,
it asked for libcrypto.so.3, which should be present in
glibc, but is not. Am i missing something here (is libcrypt moved
somewhere else?), or should i recompile openssh?
Regards,
Bert
> On Mon, Jul 24, 2000 at 12:09:31PM +0200, Bernhard Rosenkraenzer wrote:
> > > What about the regular ssh?
> >
> > No way. Its license sucks and it doesn't have any advantages over
> > current versions of OpenSSH.
>
> It has. It's long out in the
On Mon, 24 Jul 2000, Chris Abbey wrote:
>Date: Mon, 24 Jul 2000 16:44:21 -0500
>From: Chris Abbey <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: OpenSSH/SSL
>
>At 13:25 7/24/00 +0200, Daniel Roesen <[EMAIL PROTECTED]> wrote:
>>It has. It's long
At 13:25 7/24/00 +0200, Daniel Roesen <[EMAIL PROTECTED]> wrote:
>It has. It's long out in the field.
umm... ok, like what for instance? I spent about two weeks doing a comparison
and I couldn't find anything in ssh that OpenSSH didn't do, I'm curious what
I missed.
On Mon, 24 Jul 2000, Bernhard Rosenkraenzer wrote:
>Date: Mon, 24 Jul 2000 12:09:31 +0200 (CEST)
>From: Bernhard Rosenkraenzer <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: OpenSSH/SSL
>
>On Mon, 24 Jul 2000, Mike A. Harris wrote:
>
>> Any consideratio
On Mon, Jul 24, 2000 at 12:09:31PM +0200, Bernhard Rosenkraenzer wrote:
> > What about the regular ssh?
>
> No way. Its license sucks and it doesn't have any advantages over
> current versions of OpenSSH.
It has. It's long out in the field.
Best regards,
Danie
On Mon, 24 Jul 2000, Mike A. Harris wrote:
> Any consideration being made of including OpenSSH and OpenSSL to
> RawHide?
The RSA patent still prevents us from doing this - but fortunately it will
be expiring later this year.
Right now, check ftp://ftp.redhat.de/pub/rh-addons/security.
On Mon, 24 Jul 2000, Mike A. Harris wrote:
> Any consideration being made of including OpenSSH and OpenSSL to
> RawHide? What about the regular ssh? Since the crypto relaxo
> has occured, and there are now crypto products in RH, it would be
> nice to have SSH included by default as
Any consideration being made of including OpenSSH and OpenSSL to
RawHide? What about the regular ssh? Since the crypto relaxo
has occured, and there are now crypto products in RH, it would be
nice to have SSH included by default as well as SSL. I think
those two are likely very highly used
Enclosed please find a small patch to compile openssh-2.2.1p1-x.src.rpm with
glibc-2.1.90: Declare rresvport_af as in /usr/include/netdb.h
diff -urNb openssh-2.1.1p1/bsd-rresvport.c openssh-2.1.1p1_new/bsd-rresvport.c
--- openssh-2.1.1p1/bsd-rresvport.c Wed Jan 19 03:45:07 2000
48 matches
Mail list logo