Re: CVE-2009-2904 - not patched F11 openssh?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 27 March 2010 09:17:55 am Steve Grubb wrote:
> On Friday 26 March 2010 07:25:53 pm Michał Piotrowski wrote:
> > Vulnerability described in CVE-2009-2904
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 was
> > addressed in https://rhn.redhat.com/errata/RHSA-2009-1470.html for
> > RHEL. Isn't F11 openssh version also vulnerable?
> 
> RHEL5 uses version 4.3. The CVE was caused by a flaw in a patch that
> backported a feature from 4.8 to 4.3. Fedora 11 is on 5.2, so it should
> not be vulnerable.

More research...looks like this took care of it:

* Mon Sep 21 2009 Jan F. Chadima <jchadima@xxxxxxxxxx> - 5.2p1-6
- remove homechroot patch

So if you are on 5.2p1-6, you should be OK.

-Steve
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux