[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: openssh 3.1 & www.openbsd.org
On Fri, 8 Mar 2002, Alex de Joode wrote:
> 1) why didn't the anouncement of OpenSSH 3.1 contain at least
> an advisory to upgrade as there was a hole in the previous
> versions. people reading the anouncement would not think
> "hey I *need* to upgrade".
You can patch your OpenSSH 3.0.2, or even older versions. You don't *need*
to upgrade to 3.1.
> 2) given the openssh hole, it might be needed to change the
> OpenBSD website:
> "Four days without a remote hole in the default install!"
> or do the OpenBSD developers deem the hole not remote enough ?
Has it been proven that the bug in OpenSSH is remote exploitable? Where is
proof of concept code?