Date: Tue, 16 Sep 2003 09:55:25 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Mitch Collinsworth <mitch@ccmr.cornell.edu> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH heads-up Message-ID: <20030916145525.GB90755@madman.celabo.org> In-Reply-To: <Pine.LNX.4.58.0309161046030.11275@ori.ccmr.cornell.edu> References: <20030916134347.GA30359@madman.celabo.org> <Pine.LNX.4.58.0309161046030.11275@ori.ccmr.cornell.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 16, 2003 at 10:47:28AM -0400, Mitch Collinsworth wrote: > Is this advisory available anywhere else? I'm continually getting > server timeout when trying to load this URL. Meanwhile www.openssh.org > doesn't seem to have any mention of the advisory. [?] It loads for me sometimes only. It is supposed to be at <URL:http://www.openssh.com/txt/buffer.adv>, but it isn't there yet. Here's the meat of it: ---- begin excerpt ---- This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH 3.7 or apply the following patch. ---- end excerpt ---- Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030916145525.GB90755>