OpenSSH vulnerability warning

[R Shapiro]

Aurel Wisse writes:
 > or is it bettor to recompile following Christoper's
 > instructions?

Is there any reason not to simply rebuild the .src.rpm from
openssh.com?  

The way the news of this exploit is playing out is pretty interesting.
On some newsgroups I monitor, people who seem eager to spread panic
actually get _angry_ if you point out to them that many linux systems
weren't vulnerable in the first place, and that a trivial sshd_config
change would fix the problem for those that were.

On the other hand, it's of course a good thing that the word spead so
quickly and that YDL has made new builds available so promptly.

I guess the speed is bound to cause a certain amount of unnecessary
panic.

-- 
rshapiro@bbn.com