OpenSSH 3.7 released
Serge Droz
serge.droz at psi.ch
Wed Sep 17 01:18:10 EST 2003
...
> Security Changes:
> =================
>
> All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> management error. It is uncertain whether this error is
> potentially exploitable, however, we prefer to see bugs
> fixed proactively.
>
> OpenSSH 3.7 fixes this bug.
>
Great !
> Changes since OpenSSH 3.6.1:
> ============================
.> * Changes in Kerberos support:
>
> - KerberosV password support now uses a file cache instead of
> a memory cache.
>
> - KerberosIV and AFS support has been removed.
Could you release just the patch for the security fix?
We do need AFS support and thus can't just roll out 3.7
Cheers
Serge
--
Serge Droz
Paul Scherrer Institut mailto:serge.droz at psi.ch
CH-5232 Villigen PSI Phone: ++41 56 310 3637
More information about the openssh-unix-dev
mailing list