[lug] SSH Hole (Debian)

Dhruva B. Reddy bdhruva at gmx.net
Wed Sep 17 13:18:48 MDT 2003


Actually I am subscribed, and they usually do a wonderful job of
explaining which versions include the security fix, but it was less
clear this time.

On Wed, 17 Sep 2003 at 10:47 -0600, Nate Duehr soliloquized thusly:
> Also, get a mailing list subscription to
> debian-security-announce at lists.debian.org if you're running Debian boxes -- 
> it's extremely low traffic (i.e. only announcements of new security
> packages) and quite useful.
> 
> Nate Duehr, nate at natetech.com
> 
> ----- Original Message ----- 
> From: "Matt Clauson" <mec at dotorg.org>
> To: <lug at lug.boulder.co.us>
> Sent: Wednesday, September 17, 2003 9:56 AM
> Subject: Re: [lug] SSH Hole (Debian)
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday 17 September 2003 07:06, Dhruva B. Reddy wrote:
> > Does anyone running Debian unstable know if the latest ssh package
> > for that contains the patch for this latest hole?
> >
> > I noticed a release yesterday (3.6.1p2-7) which, as of this writing,
> > is the latest version available, but there doesn't seem to be any
> > information on whether or not the patch was backported to this.
> 
> I'd say yes.  Changelogs are one's friend.
> 
> mec at mandy:~$ zless /usr/share/doc/ssh/changelog.Debian.gz
> openssh (1:3.6.1p2-7) unstable; urgency=high
> 
>   * Update debconf template translations:
>     - French (thanks, Christian Perrier; closes: #208801).
>     - Japanese (thanks, Kenshi Muto; closes: #210380).
>   * Some small improvements to the English templates courtesy of Christian
>     Perrier. I've manually unfuzzied a few translations where it was
>     obvious, on Christian's advice, but the others will have to be updated.
>   * Document how to generate an RSA1 host key (closes: #141703).
>   * Incorporate NMU fix for early buffer expansion vulnerability,
>     CAN-2003-0693 (closes: #211205). Thanks to Michael Stone.
> 
>  -- Colin Watson <cjwatson at debian.org>  Tue, 16 Sep 2003 14:32:28 +0100
> 
> openssh (1:3.6.1p2-6.0) unstable; urgency=high
> 
>   * SECURITY: fix for CAN-2003-0693, buffer allocation error
> 
>  -- Michael Stone <mstone at debian.org>  Tue, 16 Sep 2003 08:27:07 -0400
> 
> - --mec
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQE/aIQavDNtj3aXDYkRApzZAJ4vc/pmP3TYoxxEWwm8gP2t4bhjoACcCbos
> c/a1Jik6jCA8RjIOXLvpHlE=
> =/jkv
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

-- 
 "Those who would give up essential liberty to purchase a little temporary
 safety deserve neither liberty or safety. Nor, are they likely to end
 up with either."-- Benjamin Franklin
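
The changelog check Matt does by eye with zless can be scripted. The following is an added example, not part of the original thread: the function names are hypothetical, and the sample input is a trimmed copy of the changelog excerpt quoted above.

```sh
#!/bin/sh
# Added example. Function names are hypothetical, not from any Debian tool.

# Trimmed copy of the changelog excerpt quoted in the message above.
sample_changelog() {
    cat <<'EOF'
openssh (1:3.6.1p2-7) unstable; urgency=high

  * Document how to generate an RSA1 host key (closes: #141703).
  * Incorporate NMU fix for early buffer expansion vulnerability,
    CAN-2003-0693 (closes: #211205). Thanks to Michael Stone.

 -- Colin Watson <cjwatson at debian.org>  Tue, 16 Sep 2003 14:32:28 +0100

openssh (1:3.6.1p2-6.0) unstable; urgency=high

  * SECURITY: fix for CAN-2003-0693, buffer allocation error

 -- Michael Stone <mstone at debian.org>  Tue, 16 Sep 2003 08:27:07 -0400
EOF
}

# Emit a changelog on stdout: stdin if no file is given, gunzip for *.gz.
read_changelog() {
    case ${1:-} in
        '')   cat ;;
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# fixed_versions ID [FILE]: print "package version" for every changelog
# entry whose text names ID, newest entry first (changelog order).
fixed_versions() {
    id=$1; shift
    read_changelog "$@" | awk -v id="$id" '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(.*\) / {
            pkg = $1; ver = $2; gsub(/[()]/, "", ver); seen = 0; next
        }
        # Report an entry once, on the first line that names the id.
        pkg != "" && !seen && index($0, id) { print pkg, ver; seen = 1 }'
}

# first_fixed ID [FILE]: the oldest entry naming ID, i.e. where the fix landed.
first_fixed() { fixed_versions "$@" | tail -n 1; }

sample_changelog | first_fixed CAN-2003-0693
```

On an installed system the file argument would be the path from the message, /usr/share/doc/ssh/changelog.Debian.gz. A match only shows that the maintainer's entry names the id, so the installed package version still has to be at or above the version reported.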



