Hi Atro,
I would assume this also fixes the problem with krb5_xfree() and the
renamed libcrypto.x to libk5crypto.x. I posted a patch for this about 2
weeks ago.
Carl
On 30-Jun-00 Atro Tossavainen wrote:
> Dear Sami,
>
>> We released a new version of ssh1, ssh-1.2.28. This has the latest
>> Kerberos related security fixes.
>
> A few other recent fixes come to mind that should also be there, but
> aren't:
>
> - disallowing access via unsupported ciphers (particularly "none") from
> malicious clients in sshd.c, as discovered and patched by Markus
> Friedl
> in a Dec 1999 post to Bugtraq and forwarded to the ssh list by Jean
> Chouanard on Dec 14, 1999�;
>
> - not hogging syslog file handles (to guard against potential problems
> on large multi-user IRIX machines), as discovered and patched�
> (against 1.2.26!) by James Barlow in February 1999;
>
> - making sure scp's don't miss data at the ends of files; I am sorry
> I can't attribute this change to anybody (please stand up!) and I
> didn't find the patch on any search engines or the list archive
> either, but it's been patched in March 2000, it's a few lines in
> serverloop.c, around line 429, and essentially adds checking for
> file descriptor EOF in two places.
>
> � <URL:http://www.cs.hut.fi/ssh-archive/messages/991214-211116-6383>
>
> �
> <URL:http://www.ncsa.uiuc.edu/General/CC/ssh/patch_repository/descriptio
> ns/syslog_open_handle.html>
>
> --
> Atro Tossavainen (Mr.), Systems Analyst, contact info at URL,
> +358-9-19158939
> Institute of Biotechnology, University of Helsinki, Finland
> My opinions may freely be shared by my employers if they want to.
> < URL : http : / / www . iki . fi / atro . tossavainen / >
------------------------------------------------------------------------
E-Mail: Carl J. Nobile <[EMAIL PROTECTED]>
Date: 30-Jun-00 Phone: 315-453-2912 Ex. 5336
Time: 13:16:31 Fax: 315-479-0859
Software Engineering Group -- AppliedTheory Corp.
224 Harrison Street, 6th Floor, Syracuse, NY 13202
------------------------------------------------------------------------
