Debian: DSA-137-2 Important: OpenSSL Vulnerability Patch
debian
June 26, 2002
This advisory is an update to DSA-134-2: the changes mainly deal withpackaging issues; if you have already successfully installed anopenssh package from a previous DSA-134 advisory...
Summary
This advisory is an update to DSA-134-2: the changes mainly deal with
packaging issues; if you have already successfully installed an
openssh package from a previous DSA-134 advisory you may disregard
this message.
Theo de Raadt announced that the OpenBSD team is working with ISS to
address a remote exploit for OpenSSH (a free implementation of the
Secure SHell protocol). They are refusing to provide any details on
the vulnerability but instead are advising users to upgrade to the
latest release, version 3.3.
This version was released 22 Jun 2002 and enabled by default a feature
called privilege seperation, in order to minimize the effect of
exploits in the ssh network handling code. Unfortunately this release
has a few known problems:
* compression does not work on all operating systems since the code
relies on specific mmap features
* the PAM support has not been completed and may break a few PAM modules
* keyboard interactive authentication does not work with privilege
seperation. Most notica...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: ssh
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!