Re: SSL Buffer Overflow Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-05-27 at 00:58, Chalonec Roger wrote:
> Our security folks detected an openSSH vulnerability in a fully patched
> FC1.  They said that it was running version 3.7.0 and needed to go to
> 3.7.1 .  Should this be the case if FC1 is fully patched?  Can anyone
> point me to directions on how to upgrade to 3.7.1 or recommend a better
> openSSH version?

Did they successfully exploit this vulnerability, or just look at the
version number and make a decree? This may not fully apply to Fedora,
but have them look at:

https://www.redhat.com/advice/speaks_backport.html

So have them grab the source and look to see if the vulnerability has
been fixed already. Might also be noted in the changelog, or in the
fedora-announce-list archives. If it's nowhere to be found, then we
could start looking at 3.7.1.

-- 
Chris Kloiber




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux