[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: http://www.linux.org.il/ rants
On Sun, Dec 23, 2001, Yotam Rubin wrote about "Re: http://www.linux.org.il/ rants":
> Once crucially important update is ssh, whose version on iglu.org.il appears
> to be vulnerable to the CRC compensation bug, which may grant arbitrary
> access to attackers. You can try and convert that Redhat box to Debian,
> which will ease the strain of constantly monitoring updates and allow trivial
> upgradability. If I can assist you in any way, please tell me.
Right. If I remember correctly, openSSH 2.1.1 *was* vulnerable :(
There's no need to upgrade to debian for this...
What I do is just mirror Redhat's updates directory (a mirror in Israel
already exists in Netvision, by the way, I think it is in
redhat.netvision.net.il), and then periodically (or when I read something
interesting in bugtraq) just "rpm -Fvh" all these updates. If you already
mirror these updates (after all, iglu.org.il contains mirrors, doesn't it?),
then it is trivial to use them! :)
The new openSSH is in the updates directory for probably over 8 months...
please check...
--
Nadav Har'El | Sunday, Dec 23 2001, 8 Tevet 5762
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |If I am not for myself, who will be for
http://nadav.harel.org.il |me? If I am only for myself, who am I?
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il