On Thu, 2004-05-27 at 00:58, Chalonec Roger wrote: > Our security folks detected an openSSH vulnerability in a fully patched > FC1. They said that it was running version 3.7.0 and needed to go to > 3.7.1 . Should this be the case if FC1 is fully patched? Can anyone > point me to directions on how to upgrade to 3.7.1 or recommend a better > openSSH version? Did they successfully exploit this vulnerability, or just look at the version number and make a decree? This may not fully apply to Fedora, but have them look at: https://www.redhat.com/advice/speaks_backport.html So have them grab the source and look to see if the vulnerability has been fixed already. Might also be noted in the changelog, or in the fedora-announce-list archives. If it's nowhere to be found, then we could start looking at 3.7.1. -- Chris Kloiber
