[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: SSH Packages

Subject: [cobalt-security] Re: SSH Packages
From: "Rhys Lewis" <rhys@xxxxxxxxxx>
Date: Fri, 9 Apr 2004 21:17:54 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Have you checked out the ones at Solarspeed.net?
>
> http://www.solarspeed.net/downloads/index.php
>
> James
>

I've looked there and various other places, but they seem to be built on
vulnerable versions.  For example the solarspeed.net one uses
OpenSSL-0.9.7b, which is affected as described here:

http://www.openssl.org/news/secadv_20040317.txt

The advisory was 17 March 2004, but most package sites don't seem to have
been updated since last year.  Perhaps it's because Sun has EOLed the RAQs?

If the worst comes to the worst I could uninstall the package and try to
compile it myself, but I seem to remember there were libraries it needed,
and they needed libraries and so on...

Rhys

Follow-Ups:
- Re: [cobalt-security] Re: SSH Packages
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] SSH Packages
Next by Date: Re: [cobalt-security] Re: SSH Packages
Previous by thread: Re: [cobalt-security] SSH Packages
Next by thread: Re: [cobalt-security] Re: SSH Packages

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index