On Wednesday 26 May 2004 11:58, Chalonec Roger wrote: > Our security folks detected an openSSH vulnerability in a fully > patched FC1. They said that it was running version 3.7.0 and > needed to go to 3.7.1 . Should this be the case if FC1 is fully > patched? Can anyone point me to directions on how to upgrade to > 3.7.1 or recommend a better openSSH version? > > Thanks, > > Roger The command: rpm -q --changelog openssh will list the changelog and your security folks will have to see if the changes listed will address their concerns. For example: * Tue Sep 16 2003 Bill Nottingham <notting@xxxxxxxxxx> 3.6.1p1-14 - additional buffer manipulation fixes (CAN-2003-0695) Regards, Mike Klinke
