On Saturday 27 March 2010 09:17:55 am Steve Grubb wrote: > On Friday 26 March 2010 07:25:53 pm Michał Piotrowski wrote: > > Vulnerability described in CVE-2009-2904 > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 was > > addressed in https://rhn.redhat.com/errata/RHSA-2009-1470.html for > > RHEL. Isn't F11 openssh version also vulnerable? > > RHEL5 uses version 4.3. The CVE was caused by a flaw in a patch that > backported a feature from 4.8 to 4.3. Fedora 11 is on 5.2, so it should > not be vulnerable. More research...looks like this took care of it: * Mon Sep 21 2009 Jan F. Chadima <jchadima@xxxxxxxxxx> - 5.2p1-6 - remove homechroot patch So if you are on 5.2p1-6, you should be OK. -Steve -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel