SSL Buffer Overflow Vulnerability
Mike Klinke
lsomike at futzin.com
Wed May 26 17:04:03 UTC 2004
On Wednesday 26 May 2004 11:58, Chalonec Roger wrote:
> Our security folks detected an openSSH vulnerability in a fully
> patched FC1. They said that it was running version 3.7.0 and
> needed to go to 3.7.1 . Should this be the case if FC1 is fully
> patched? Can anyone point me to directions on how to upgrade to
> 3.7.1 or recommend a better openSSH version?
>
> Thanks,
>
> Roger
The command:
rpm -q --changelog openssh
will list the changelog and your security folks will have to see if
the changes listed will address their concerns. For example:
* Tue Sep 16 2003 Bill Nottingham <notting at redhat.com> 3.6.1p1-14
- additional buffer manipulation fixes (CAN-2003-0695)
Regards, Mike Klinke
More information about the fedora-list
mailing list