[svlug] OpenSSH source may be trojaned, unless...

J. Paul Reed preed at sigkill.com
Fri Aug 2 01:17:49 PDT 2002


On Thu, 1 Aug 2002, Ian Kluft wrote:

> All software seems to have a very limited shelf life these days...

Yeah... especially considering that OpenSSL, on which OpenSSH depends, has
had a number of nasty buffer overflows discovered very recently as well.

http://www.openssl.org/news/secadv_20020730.txt

The short and sweet version: if you're using pre-0.9.6d or some of the
0.9.7 betas, it's time for an upgrade (whether "downloading" one means
'apt-get', 'rpm -U', or 'wget'/'ftp').

I know everyone makes mistakes, but... but... just... *sigh*

Later,
Paul
  -----------------------------------------------------------------------
  J. Paul Reed                 preed at sigkill.com || web.sigkill.com/preed
  Wait, stop!  We can outsmart those dolphins.  Don't forget: we invented
  computers, leg warmers, bendy straws, peel-and-eat shrimp, the glory
  hole, *and* the pudding cup!  -- Homer Simpson, Tree House of Horror XI





More information about the svlug mailing list