[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
OpenSSH 2.5.2p2 for Redhat 6.2
- From: Mark Arrasmith <arrasmith math twsu edu>
- To: axp-list redhat com
- Subject: OpenSSH 2.5.2p2 for Redhat 6.2
- Date: Wed, 28 Mar 2001 16:02:49 -0600
In case anyone wants a binary you can pickup the latest openssh 2.5.2p2
compiled with the default gcc compiler for Redhat 6.2 from:
ftp://chaos.math.twsu.edu/pub/AlphaLinux/secure/
src.rpms from
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/rpm/SRPMS/
A snip from the Redhat 7 advisory (because openssh is included in Redhat 7).
===============
3. Problem description:
Weaknesses in the SSH protocols can be used by a passive attacker to deduce
information about passwords entered over an encrypted connection. This
information can be used to reduce the number of possible solutions which need
to be tested to perform a brute-force attack. This reduces the amount of time
and resources required to mount such an attack successfully.
OpenSSH 2.5.1 and 2.5.2 include modifications which, while not completely
resolving this problem, reduce the risks by changing certain server behaviors
to make passive analysis more difficult.
===============
Basically if you are running openssh < 2.5.1 you should update.
- mark arrasmith
--
Magary's Principle:
When there is a public outcry to cut deadwood and fat from any
government bureaucracy, it is the deadwood and the fat that do
the cutting, and the public's services are cut.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[]