This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: new openssh vulnerability


On Tue, Sep 16, 2003 at 05:39:35PM -0400, Tony Schmitt wrote:
> Corinna - I was informed of an SSH hole today. Referring to
> http://www.securityfocus.com/advisories:
> 
> "...a buffer management error found in versions of OpenSSH earlier than
> 3.7. The possibility exists that this error could allow a remote exploit..."
> 
> Were you aware of this?

Yes, but not for long.  I'm subscribed to the portable openssh
developers mailing list but for some reason I'm getting the postings
currently with about 30 hours(!) delay.  For that reason I learned
about the release of 3.7p1 and the security advisory just 2 hours
ago.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]