[TriLUG] openssh vulnerability on login.trilug.org may affect you

Jim Tuttle jjtuttle at trilug.org
Tue May 13 16:45:40 EDT 2008


Very odd. I'm running Ubuntu 8.04 and thought I'd confirm that I have
the recommended update to openssh-client, 1:4.7p1-8ubuntu1.1.  I don't.
 I have 1:4.7p1-8ubuntu1.  So, I looked in my update history and see I
the last ssh update I got was April 2nd.  Running the update manager
doesn't pull it down and
http://packages.ubuntu.com/dapper/net/openssh-client shows
1:4.2p1-7ubuntu3.3 as the latest update.

If the package maintainer has updated the package, why isn't it being
pushed out via apt?  Very odd.

Also, I just regenerated a key with my installed version,
1:4.7p1-8ubuntu1, and it seems to also be vulnerable.  Stupid.

Jim

Cristóbal Palmer wrote:
> Hi folks,
> 
> If for some strange reason you're not also on the low-traffic
> "trilug-announce" list, please go subscribe, because you're missing
> important posts like this one:
> 
> http://www.trilug.org/pipermail/trilug-announce/2008/000145.html
> 
> To subscribe, go here:
> 
> http://www.trilug.org/mailman/listinfo/trilug-announce
> 
> Cheers,


-- 
--
---Jim Tuttle
------------------------------------------------------
http://www.braggtown.com
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08




More information about the TriLUG mailing list