On Fri, 26 Sep 2003 10:43:00 -0700 Aaron <microchp@xxxxxxxxxxxx> wrote:

> Does the latest release of OpenSSH for RedHat actually fix all the
> latest exploits?

No need to fix them, Redhat was never vulnerable. This issue was for 3.7 and Redhat only ships with 3.5.

> http://www.openssh.com/txt/sshpam.adv
>
> Is that in reference to:
>
> ( 16-SEP-03
> Nalin Dahyabhai <nalin@xxxxxxxxxx> 3.1p1-9:
> - apply patch to store the correct buffer size in allocated buffers
>   (CAN-2003-0693)
> - skip the initial PAM authentication attempt with an empty password
>   if empty passwords are not permitted in our configuration (#103998) )
> ??
>
> When I scan my RH boxes for versions, I get 3.5p1 for RH9 and 3.1p1
> for RH7.3 and RH7.2, yet they are on the latest RPMs.
>
> Should I just recompile openssl/openssh from the latest source or
> stick with the RPM for RH7.2, RH7.3 and RH9?
>
> --
> Shrike-list mailing list
> Shrike-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/shrike-list