[TriLUG] Fwd: Upcoming OpenSSH vulnerability *unverified*
Jeremy P
jeremyp at pobox.com
Tue Jun 25 12:40:28 EDT 2002
On Tue, 25 Jun 2002, Lisa Lorenzin wrote:
>
> new rpms don't appear to have made it onto rufus yet, but they're
> available at
>
> ftp://openbsd.secsup.org/pub/openbsd/OpenSSH/portable/rpm/RH73/
>
> (7.3 RPM works on 7.2 - i'm not sure about older versions.)
>
> looks to me like you have to upgrade to openssh 3.3p AND enable privilege
> separation in sshd_config to mitigate.
Actually, privilege separation is enabled by default in 3.3p; that's one
of the changes. However, for Linux you may need to add "Compression
no" to the sshd_config to prevent fatal mmap errors.
For RHL 6.2 users who don't want to build their own SRPMs (since the RH73
SRPMs require a bunch of dependencies), the tar/gz version works
fine. Hopefully there are fewer and fewer RHL 6.2 users out there, so
this is moot advice. :-)
--Jeremy
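
Added example, not part of the original message: a small Python check of an sshd_config against the two settings discussed in this thread, privilege separation and "Compression no". It assumes the keyword name UsePrivilegeSeparation, the 3.3p defaults in DEFAULTS_33P, and that sshd uses the first value it reads for a keyword; the sample configs are constructed.

```python
import re

# Assumed defaults for OpenSSH 3.3p: privilege separation on (as the post
# states) and compression allowed (assumption taken from sshd_config(5)).
DEFAULTS_33P = {"useprivilegeseparation": "yes", "compression": "yes"}


def effective_settings(config_text, defaults=DEFAULTS_33P):
    """Return the values sshd would act on for the keywords in `defaults`."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out settings have no effect
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword = parts[0].lower()          # keywords are case-insensitive
        value = parts[1].strip().strip('"')
        seen.setdefault(keyword, value)     # first occurrence wins
    return {k: seen.get(k, d) for k, d in defaults.items()}


def audit(config_text):
    """List deviations from the configuration recommended in the thread."""
    eff = effective_settings(config_text)
    findings = []
    if eff["useprivilegeseparation"] != "yes":
        findings.append("privilege separation is not enabled")
    if eff["compression"] != "no":
        findings.append("Compression is not set to 'no'")
    return findings


# Constructed sample: relies on the default for privilege separation.
SAMPLE_OK = "Port 22\n#Compression yes\nCompression no\n"

# Constructed sample: the later 'Compression no' is shadowed by the first
# line, and privilege separation has been switched off explicitly.
SAMPLE_BAD = "compression yes\nCompression no\nUsePrivilegeSeparation no\n"

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit(text) or "no findings")
```
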