OpenSSH vulnerability warning
R Shapiro
yellowdog-general@lists.terrasoftsolutions.com
Thu Jun 27 04:31:01 2002
Aurel Wisse writes:
> or is it bettor to recompile following Christoper's
> instructions?
Is there any reason not to simply rebuild the .src.rpm from
openssh.com?
The way the news of this exploit is playing out is pretty interesting.
On some newsgroups I monitor, people who seem eager to spread panic
actually get _angry_ if you point out to them that many linux systems
weren't vulnerable in the first place, and that a trivial sshd_config
change would fix the problem for those that were.
On the other hand, it's of course a good thing that the word spead so
quickly and that YDL has made new builds available so promptly.
I guess the speed is bound to cause a certain amount of unnecessary
panic.
--
rshapiro@bbn.com