[linux-sec-uk] OpenSSH buffer management error - Patch 2
Mark Boddington
linux-sec-uk at mailman.lug.org.uk
Wed Sep 17 09:04:00 2003
Hi all,
We're up to 3.7.1
The advisory has been updated. I tlooks like 3.7 missed something. If you patched
last night, its time to do it again! The changelog says:
20030917
- (djm) OpenBSD Sync
- markus@cvs.openbsd.org 2003/09/16 21:02:40
[buffer.c channels.c version.h]
more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU
- (djm) Crank RPM spec versions
- (djm) Release 3.7.1p1
fun, fun, fun.
Mark
James Davis wrote:
> Am sure you've already heard of today's announcement of the flaw in
> OpenSSH detailed at http://www.openssh.com/txt/buffer.adv but I felt this
> affects enough people to justify a posting to this list. Exploits are in
> the wild already so upgrade to OpenSSH 3.7 (see your vendor or
> openssh.com) or apply the patch provided at OpenSSH.com
>
> Regards,
>
> James
>
>
> _______________________________________________
> linux-sec-uk mailing list
> linux-sec-uk@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/linux-sec-uk
>
>