Re: [cobalt-security] OpenSSH-3.7.1p2 released

["Dave @ The Hostworks" <lists@xxxxxxxxxxxxxxxx>]

Thanks for the update, Michael

Regards
Dave
----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, September 23, 2003 1:46 PM
Subject: [cobalt-security] OpenSSH-3.7.1p2 released


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> With the third hotfix in eight days OpenSSH is getting quite unpopular in
> certain circles that roll up patches. ;o)
>
> Just today OpenSSH-3.7.1p2 has been released.
>
> If you have OpenSSH-3.7p1 or OpenSSH-3.7.1p1 or any OpenSSH older than
that,
> then please take the time to upgrade again.
>
> OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the
new
> PAM authentication code. At least one of these bugs is remotely
exploitable
> (under a non-standard configuration, with privsep disabled).
>
> As our OpenSSH PKGs for the Sun Cobalt RaQs (and the Qube 3) do use
privesep
> you shouldn't be vulnerable. However, better play it safe than sorry and
grab
> the updates.
>
> More information about the vulnerability and other changes can be found in
the
> release notes of OpenSSH-3.7.1p2.
>
> Release notes:
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2
>
> The new OpenSSH PKGs for the RaQ3, RaQ4, RaQ XTR, RaQ550 and Qube 3 can be
> found on our download page.
>
> PKG download page:
> http://www.solarspeed.net/downloads/index.php
>
> - --
>
>  With best regards,
>
> Michael Stauber
> Solarspeed.net
>
> Public PGP Key: https://www.solarspeed.net/mstauber.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
>
> iD8DBQE/cIb6EcjLwmf9gR4RAu83AJsFwaAZSx5MCrqZcppGqAaTdBemCwCgvMwW
> u4fDGrpza6icrCaQ0qD4Fm0=
> =jyeR
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>