security
SITE SECURITY ISSUES



Subscribe to "security" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.

© copyright 2002
by Marc Barrot.

Permalink
Friday, March 8, 2002


OpenSSH Alert !

LinuxSecurity: "A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2 Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client."[Newsforge]
The portable OpenSSH 3.1 tarball is downloadable from the OpenBSD main repository or any number of mirrors.

As of now, cygwin's latest version is still 3.0.2, the latest MacOS X packaged version is 3.0.1, MacOS X 10.1.3 ships with openSSH 3.0.2, and Stepwise published yesterday a tutorial on compiling the 3.1 release on a MacOS X system.

RedHat rpms of release 3.1 have just been released.

10:06:49 AM  Permalink  comments:     


March 2002
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            
Feb   Apr

last updated: 10/21/02; 12:45:06 AM.