OpenSSH heads-up
Jacques A. Vidrine
nectar at FreeBSD.org
Tue Sep 16 07:55:28 PDT 2003
On Tue, Sep 16, 2003 at 10:47:28AM -0400, Mitch Collinsworth wrote:
> Is this advisory available anywhere else? I'm continually getting
> server timeout when trying to load this URL. Meanwhile www.openssh.org
> doesn't seem to have any mention of the advisory. [?]
It loads for me sometimes only. It is supposed to be at
<URL:http://www.openssh.com/txt/buffer.adv>, but it isn't there yet.
Here's the meat of it:
---- begin excerpt ----
This is the 1st revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv
1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.
2. Solution:
Upgrade to OpenSSH 3.7 or apply the following patch.
---- end excerpt ----
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list