Openssh vulnerabilities
Tomas Mraz
tmraz at redhat.com
Wed Jun 13 18:42:09 UTC 2007
On Tue, 2007-06-12 at 22:28 -0400, Kevin Fenzi wrote:
> Author: kevin
>
> Update of /cvs/fedora/fedora-security/audit
> In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19805
>
> Modified Files:
> fc7
> Log Message:
> Process openssh
>
>
>
> Index: fc7
> ===================================================================
> RCS file: /cvs/fedora/fedora-security/audit/fc7,v
> retrieving revision 1.5
> retrieving revision 1.6
> diff -u -r1.5 -r1.6
> --- fc7 12 Jun 2007 20:40:54 -0000 1.5
> +++ fc7 13 Jun 2007 02:28:16 -0000 1.6
> @@ -23,7 +23,7 @@
> *CVE-2007-2843 ignore (konqueror) safari specific
> *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
> *CVE-2007-2799 (file)
> -*CVE-2007-2768 (openssh)
> +CVE-2007-2768 VULNERABLE (openssh)
This is not an openssh vulnerability but PAM OPIE module one and we
don't ship this module. -> NOT VULNERABLE
> *CVE-2007-2756 ignore (gd) DoS only
> *CVE-2007-2754 (freetype)
> *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
> @@ -54,7 +54,7 @@
> *CVE-2007-2356 (gimp)
> *CVE-2007-2353 (axis)
> *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
> -*CVE-2007-2243 (openssh)
> +CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)
We don't ship openssh with S/KEY support compiled in. -> NOT VULNERABLE
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Fedora-security-list
mailing list