Date: Tue, 16 Sep 2003 10:47:28 -0400 (EDT) From: Mitch Collinsworth <mitch@ccmr.cornell.edu> To: "Jacques A. Vidrine" <nectar@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH heads-up Message-ID: <Pine.LNX.4.58.0309161046030.11275@ori.ccmr.cornell.edu> In-Reply-To: <20030916134347.GA30359@madman.celabo.org> References: <20030916134347.GA30359@madman.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Is this advisory available anywhere else? I'm continually getting server timeout when trying to load this URL. Meanwhile www.openssh.org doesn't seem to have any mention of the advisory. [?] -Mitch On Tue, 16 Sep 2003, Jacques A. Vidrine wrote: > OK, an official OpenSSH advisory was released, see here: > <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > > > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be > applied to the security branches as well today. Attached are patches: > > buffer46.patch -- For FreeBSD 4.6-RELEASE and later > buffer45.patch -- For FreeBSD 4.5-RELEASE and earlier > > Currently, I don't believe that this bug is actually exploitable for > code execution on FreeBSD, but I reserve the right to be wrong :-) > > Cheers, > -- > Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal > nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.58.0309161046030.11275>