OpenSSH 3.7 released
Ben Lindstrom
mouring at etoh.eviladmin.org
Wed Sep 17 04:38:07 EST 2003
http://www.openssh.com/txt/buffer.adv
Includes patch
On Tue, 16 Sep 2003, Serge Droz wrote:
> ...
> > Security Changes:
> > =================
> >
> > All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> > management error. It is uncertain whether this error is
> > potentially exploitable, however, we prefer to see bugs
> > fixed proactively.
> >
> > OpenSSH 3.7 fixes this bug.
> >
> Great !
>
> > Changes since OpenSSH 3.6.1:
> > ============================
> .> * Changes in Kerberos support:
> >
> > - KerberosV password support now uses a file cache instead of
> > a memory cache.
> >
> > - KerberosIV and AFS support has been removed.
>
> Could you release just the patch for the security fix?
> We do need AFS support and thus can't just roll out 3.7
>
> Cheers
> Serge
>
>
>
> --
> Serge Droz
> Paul Scherrer Institut mailto:serge.droz at psi.ch
> CH-5232 Villigen PSI Phone: ++41 56 310 3637
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list