security
SITE SECURITY ISSUES

today

articles
howtos
tools
reference

gnu/linux
os x
win32

security
scripting

groupware

Subscribe to "security" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.

© copyright 2002
by Marc Barrot.

Permalink
Friday, March 8, 2002


OpenSSH Alert !

LinuxSecurity: "A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2 Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client."[Newsforge]
The portable OpenSSH 3.1 tarball is downloadable from the OpenBSD main repository or any number of mirrors.

As of now, cygwin's latest version is still 3.0.2, the latest MacOS X packaged version is 3.0.1, MacOS X 10.1.3 ships with openSSH 3.0.2, and Stepwise published yesterday a tutorial on compiling the 3.1 release on a MacOS X system.

RedHat rpms of release 3.1 have just been released.

10:06:49 AM  Permalink  comments:     


March 2002
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            
Feb   Apr

last updated: 10/21/02; 12:45:06 AM.

Currently subscribed to:

 RSS link Curiouser and curiouser!
 RSS link Don W Strickland: RadioFAQ
 RSS link John Robb's Radio Weblog
 RSS link Jon's Radio
 RSS link klogs
 RSS link Linux Magazine
 RSS link Mac Net Journal
 RSS link Matt Mower: liveTopics
 RSS link New York Times: International
 RSS link O'Reilly Network Articles
 RSS link O'Reilly Safari
 RSS link Paolo Valdemarin: Paolo's Weblog
 RSS link Radio Free Blogistan
 RSS link radio-dev
 RSS link Radio.root Updates
 RSS link Sam Ruby
 RSS link Scripting News
 RSS link Simon Fell
 RSS link Slashdot
 RSS link The FuzzyBlog!
 RSS link TidBITS
 RSS link toolbox

Here's how this works.