Once upon a time, Chalonec Roger <Chalonec.Roger@xxxxxxxx> said: > Our security folks detected an openSSH vulnerability in a fully patched > FC1. They said that it was running version 3.7.0 and needed to go to > 3.7.1 . Should this be the case if FC1 is fully patched? Can anyone > point me to directions on how to upgrade to 3.7.1 or recommend a better > openSSH version? They are most likely just scanning the version and not actually testing for the vulnerability. Typically, when a security hole is found, a lot of "stable" distributions just back-port the fix for that bug into the version they were already running instead of upgrading the version (which probably includes lots of other unknown and untested changes). There are one or two things in updates/testing that are security fixes, but otherwise AFAIK if you've got everything from updates you shouldn't have any known holes. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
