[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] OpenSSH-3.7.1p2 released
- Subject: Re: [cobalt-security] OpenSSH-3.7.1p2 released
- From: "Dave @ The Hostworks" <lists@xxxxxxxxxxxxxxxx>
- Date: Tue, 23 Sep 2003 14:16:36 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thanks for the update, Michael
Regards
Dave
----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, September 23, 2003 1:46 PM
Subject: [cobalt-security] OpenSSH-3.7.1p2 released
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> With the third hotfix in eight days OpenSSH is getting quite unpopular in
> certain circles that roll up patches. ;o)
>
> Just today OpenSSH-3.7.1p2 has been released.
>
> If you have OpenSSH-3.7p1 or OpenSSH-3.7.1p1 or any OpenSSH older than
that,
> then please take the time to upgrade again.
>
> OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the
new
> PAM authentication code. At least one of these bugs is remotely
exploitable
> (under a non-standard configuration, with privsep disabled).
>
> As our OpenSSH PKGs for the Sun Cobalt RaQs (and the Qube 3) do use
privesep
> you shouldn't be vulnerable. However, better play it safe than sorry and
grab
> the updates.
>
> More information about the vulnerability and other changes can be found in
the
> release notes of OpenSSH-3.7.1p2.
>
> Release notes:
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2
>
> The new OpenSSH PKGs for the RaQ3, RaQ4, RaQ XTR, RaQ550 and Qube 3 can be
> found on our download page.
>
> PKG download page:
> http://www.solarspeed.net/downloads/index.php
>
> - --
>
> With best regards,
>
> Michael Stauber
> Solarspeed.net
>
> Public PGP Key: https://www.solarspeed.net/mstauber.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
>
> iD8DBQE/cIb6EcjLwmf9gR4RAu83AJsFwaAZSx5MCrqZcppGqAaTdBemCwCgvMwW
> u4fDGrpza6icrCaQ0qD4Fm0=
> =jyeR
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>