[TriLUG] openssh vulnerability on login.trilug.org may affect you
Jim Tuttle
jjtuttle at trilug.org
Tue May 13 16:48:35 EDT 2008
Hit return too quickly. It turns out that the Georgia Tech Ubuntu
mirror isn't synced. Using the main server for the US brought the
update down.
Jim
Jim Tuttle wrote:
> Very odd. I'm running Ubuntu 8.04 and thought I'd confirm that I have
> the recommended update to openssh-client, 1:4.7p1-8ubuntu1.1. I don't.
> I have 1:4.7p1-8ubuntu1. So, I looked in my update history and see I
> the last ssh update I got was April 2nd. Running the update manager
> doesn't pull it down and
> http://packages.ubuntu.com/dapper/net/openssh-client shows
> 1:4.2p1-7ubuntu3.3 as the latest update.
>
> If the package maintainer has updated the package, why isn't it being
> pushed out via apt? Very odd.
>
> Also, I just regenerated a key with my installed version,
> 1:4.7p1-8ubuntu1, and it seems to also be vulnerable. Stupid.
>
> Jim
>
> Cristóbal Palmer wrote:
>> Hi folks,
>>
>> If for some strange reason you're not also on the low-traffic
>> "trilug-announce" list, please go subscribe, because you're missing
>> important posts like this one:
>>
>> http://www.trilug.org/pipermail/trilug-announce/2008/000145.html
>>
>> To subscribe, go here:
>>
>> http://www.trilug.org/mailman/listinfo/trilug-announce
>>
>> Cheers,
>
>
--
--
---Jim Tuttle
------------------------------------------------------
http://www.braggtown.com
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
More information about the TriLUG
mailing list