SSL Buffer Overflow Vulnerability
Chris Kloiber
ckloiber at ckloiber.com
Wed May 26 19:15:43 UTC 2004
On Thu, 2004-05-27 at 00:58, Chalonec Roger wrote:
> Our security folks detected an OpenSSH vulnerability in a fully patched
> FC1. They said that it was running version 3.7.0 and needed to go to
> 3.7.1. Should this be the case if FC1 is fully patched? Can anyone
> point me to directions on how to upgrade to 3.7.1 or recommend a better
> OpenSSH version?
Did they successfully exploit this vulnerability, or just look at the
version number and make a decree? This may not fully apply to Fedora,
but have them look at:
https://www.redhat.com/advice/speaks_backport.html
So have them grab the source and look to see if the vulnerability has
been fixed already. Might also be noted in the changelog, or in the
fedora-announce-list archives. If it's nowhere to be found, then we
could start looking at 3.7.1.
--
Chris Kloiber
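
The changelog check suggested in the message above, sketched as an added example (not part of the original message or of Fedora's tooling). The function names, the sample changelog and the advisory ID `EXAMPLE-2003-0001` are constructed placeholders; substitute the identifier the scanner actually reported.

```shell
#!/bin/sh
# Decide from the package changelog, not the upstream version string,
# whether a fix has been backported into the installed build.

# Constructed sample in `rpm -q --changelog` layout (not real package data).
SAMPLE_CHANGELOG='* Wed Jan 01 2003 Example Packager <pkg@example.invalid> 1.2.3-4
- backport upstream fix for buffer handling (EXAMPLE-2003-0001)

* Mon Dec 02 2002 Example Packager <pkg@example.invalid> 1.2.3-3
- rebuild'

# entries_mentioning ID
# Reads changelog text on stdin and prints the header line of every entry
# whose body mentions ID (case-insensitive). Exit status 0 if at least one
# entry matched, 1 otherwise.
entries_mentioning() {
    awk -v id="$1" '
        /^\* / { header = $0; next }      # start of a new changelog entry
        header != "" && index(toupper($0), toupper(id)) {
            if (!(header in seen)) {      # report each entry only once
                print header
                seen[header] = 1
                found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# check_installed PACKAGE ID
# Same check against the changelog of an installed RPM (hypothetical wrapper).
check_installed() {
    rpm -q --changelog "$1" | entries_mentioning "$2"
}

# Demo on the constructed sample: prints the 1.2.3-4 entry header, showing
# the fix landed in a release whose upstream version number never changed.
printf '%s\n' "$SAMPLE_CHANGELOG" | entries_mentioning EXAMPLE-2003-0001
```

A miss here is not proof the package is vulnerable: changelog wording varies, so fall back to the announce-list archives or the source patches as the message describes.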