[cobalt-security] Re: OpenSSH-3.7.1p2 released

["Achieve IT" <info@xxxxxxxxxxxxxx>]

I installed,  OpenSSH-3.7p1, on my RaQ4 server from Solarspeed two days ago.
All went fine. I have just tried to install OpenSSH-3.7.1p2.  I confirmed
that I wished overwrite existing package. However, I then got the message
that package was not installed. Why might this have happened?
Thanks,
Declan.


Message: 1
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Organization: SOLARSPEED.NET
To: <cobalt-security@xxxxxxxxxxxxxxx>
Date: Tue, 23 Sep 2003 19:46:30 +0200
Subject: [cobalt-security] OpenSSH-3.7.1p2 released
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

With the third hotfix in eight days OpenSSH is getting quite unpopular in
certain circles that roll up patches. ;o)

Just today OpenSSH-3.7.1p2 has been released.

If you have OpenSSH-3.7p1 or OpenSSH-3.7.1p1 or any OpenSSH older than that,
then please take the time to upgrade again.

OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the
new
PAM authentication code. At least one of these bugs is remotely exploitable
(under a non-standard configuration, with privsep disabled).

As our OpenSSH PKGs for the Sun Cobalt RaQs (and the Qube 3) do use privesep
you shouldn't be vulnerable. However, better play it safe than sorry and
grab
the updates.

More information about the vulnerability and other changes can be found in
the
release notes of OpenSSH-3.7.1p2.

Release notes:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2

The new OpenSSH PKGs for the RaQ3, RaQ4, RaQ XTR, RaQ550 and Qube 3 can be
found on our download page.

PKG download page:
http://www.solarspeed.net/downloads/index.php

- --

 With best regards,

Michael Stauber
Solarspeed.net

Public PGP Key: https://www.solarspeed.net/mstauber.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/cIb6EcjLwmf9gR4RAu83AJsFwaAZSx5MCrqZcppGqAaTdBemCwCgvMwW
u4fDGrpza6icrCaQ0qD4Fm0=
=jyeR
-----END PGP SIGNATURE-----