I hate when redhat does this, so maybe someone there can explain the logic. I have sshd using a mounted config directory, so sshd_config can be shared by the Solaris and Linux boxen (et al). This makes administration worlds easier... unless I'm using RPMs. The rpm released in response to the sshd vulnerability does not include support for 3.7's 'UseDNS' option, which apparently takes the place of the old reverse lookup option. This means I now have to have two sets of config files, or I have to build from source, which removes the benefit of a package management system and makes my life more difficult. On Tue, 2003-09-16 at 14:22, John Haxby wrote: > Guy Fraser wrote: > > > Does anyone know when OpenSSH 3.7 will be available. > > > > There is an exploit on all previous releases. > > > > http://securityfocus.com/bid/7467/info/ > > Good timing! This has just turned up: > > Red Hat Security Advisory > > Synopsis: Updated OpenSSH packages fix potential vulnerability > Advisory ID: RHSA-2003:279-01 > Issue date: 2003-09-16 > Updated on: 2003-09-16 > Product: Red Hat Linux > Keywords: > Cross references: > Obsoletes: RHSA-2003:222 > CVE Names: CAN-2003-0693 > > > > > > > > > -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
