Linux Today: Linux News On Internet Time.





More on LinuxToday


Madeinlinux Advisory: openssh

Jun 28, 2002, 14:16 (0 Talkback[s])

Openssh versions between 2.9.9 and 3.3 contain a bug in the ChallengeResponseAuthentication code. This bug can be exploited remotely if ChallengeResponseAuthentication is enabled in sshd_config.

New openssh packages are available for Madeinlinux.

New Madeinlinux packages have been released for openssh-3.4p1. openssh-3.4p1 fixes an openssh bug that can be remotely exploitable (cfr. http://www.openssh.com/txt/preauth.adv)

The new packages can be found at these URLs:

Packages for Madeinlinux 4.0SE (glibc 2.1):
ftp.madeinlinux.com/distro/4.0SE/updates/madeinlinux/RPMS/openssh*

Packages for Madeinlinux 5.0 (glibc 2.2)
ftp.madeinlinux.com/devel/RPMS/openssh*3.4p1*