OpenSSH 3.7 released
mouring at etoh.eviladmin.org
Wed Sep 17 04:38:07 EST 2003
On Tue, 16 Sep 2003, Serge Droz wrote:
> > Security Changes:
> > =================
> > All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> > management error. It is uncertain whether this error is
> > potentially exploitable, however, we prefer to see bugs
> > fixed proactively.
> > OpenSSH 3.7 fixes this bug.
> Great !
> > Changes since OpenSSH 3.6.1:
> > ============================
> .> * Changes in Kerberos support:
> > - KerberosV password support now uses a file cache instead of
> > a memory cache.
> > - KerberosIV and AFS support has been removed.
> Could you release just the patch for the security fix?
> We do need AFS support and thus can't just roll out 3.7
> Serge Droz
> Paul Scherrer Institut mailto:serge.droz at psi.ch
> CH-5232 Villigen PSI Phone: ++41 56 310 3637
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
More information about the openssh-unix-dev