OpenSSH vulnerability warning
Dan Burcaw
yellowdog-general@lists.terrasoftsolutions.com
Wed Jun 26 15:25:00 2002
OpenSSH updates for 2.2 and 2.3 have been pushed to our master site
along with apache updates.. this means they will mirror this evening.
I've also setup a temporary site to get these updates NOW. The cavaet
being that this url does not support apt-get updating... just manual
download and install. I've done it due to the mirrors still being
tight from the YDL 2.3 push, and general congestion.
ftp://ftp.terraplex.com/updates/
On Tue, 2002-06-25 at 10:53, Christopher Murtagh wrote:
>
> Just a heads up to anyone who might not have seen it:
>
> http://marc.theaimsgroup.com/?l=openbsd-announce&m=102497569424297&w=2
>
> http://slashdot.org/article.pl?sid=02/06/24/1912215&mode=thread&tid=167
>
> According to the above, if you aren't running OpenSSH 3.3, you will
> probably want to upgrade ASAP and turn on UsePrivilegeSeparation. By the
> sounds of it, there is a nasty exploit that will be made public soon.
>
> Tough luck for Terra Soft, this is the second OpenSSH vulnerability that
> came right *after* a new YDL release. :-( So, when's YDL 2.4 coming out.
> :-)
>
> Cheers,
>
> Chris
>
> --
>
> Christopher Murtagh
> Webmaster / Sysadmin
> Web Communications Group
> McGill University
> Montreal, Quebec
> Canada
>
> Tel.: (514) 398-3122
> Fax: (514) 398-2017
>
>
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general