Re: openssh

On Sat, 20 Sep 2003, Emerson Maat wrote:

> Hi To All,
> I notice on my RH 7.2 when I issue the command rpm -qa 'openssh*' the
> result is
> openssh-clients-3.4p1-1.0RS
> openssh-3.4p1-1.0RS
> openssh-server-3.4p1-1.0RS
> According to the RH home page those versions of openssh are installed on RH 8.0.
> Is this correct or compatible?
> Also, I tried to update OpenSSH and I got this error message
> [root mybox root]# rpm -Fvh openssh*
> error: failed dependencies:
>         libc.so.6(GLIBC_2.3)   is needed by openssh-3.4p1-7
>         libc.so.6(GLIBC_2.3)   is needed by openssh-clients-3.4p1-7
>         libc.so.6(GLIBC_2.3)   is needed by openssh-server-3.4p1-7
> Does this error message indicate that there are missing files?
> I am doing a remote administration.

   Somebody must have installed a version of openssh* that is not what
RedHat provides for RH 7.2.  When a security hole in openssh needs
filling, apparently RedHat puts the fix into their own version of openssh
without assigning it a version number corresponding to the latest openssh.  
If someone instead had once gone to a later version of openssh, you can
now be left with an insecure version that cannot be replaced by later
binaries without also replacing other crucial rpms. Replacing glibc could
render your computer inoperable, since other software in it depends on the
standard RH 7.2 version of glibc.
    I see three ways out:
 1) Get the source for the latest openssh and build an rpm from it.  You
still may need to upgrade or add other rpms, which you may also need to
build from source.
 2) Upgrade the whole computer to RH 8.0 or 9.0.  But you can't do
that via remote administration.
 3) Replace openssh 3.4p1 with the lower, but more secure RH 7.2 update
3.1p1-14.  If your remote administration is done via ssh, somewhere in the
process you can expect to lose contact.  So write a script to delete
3.4p1-1 and install 3.1p1-14.  But if I were you, I'd have somebody
standing by to fix things if it doesn't work.

Steven Yellin
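
Added example, not part of the original message: one way to script option 3 so that it keeps running if the ssh connection drops. Assumptions not taken from the post: the package file names and i386 architecture, the PKGDIR and LOG paths, and doing the downgrade as a single `rpm -U --oldpackage` transaction instead of a separate delete and install.

```shell
#!/bin/sh
# Added example: downgrade openssh to the RH 7.2 update in one rpm
# transaction, detached from the ssh session that starts it.
# Assumed (not from the post): file names, ARCH, PKGDIR, LOG.

PKGDIR=${PKGDIR:-/root/openssh-3.1p1-14}   # where the three rpms are staged
LOG=${LOG:-/root/openssh-downgrade.log}
VER=3.1p1-14                               # update version named in the post
ARCH=i386                                  # assumed architecture

# Print the package files for the transaction. Fail if any is missing, so
# nothing is changed unless the complete set is already on local disk.
pkg_files() {
    for name in openssh openssh-clients openssh-server; do
        f="$PKGDIR/$name-$VER.$ARCH.rpm"
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        printf '%s\n' "$f"
    done
}

# Build the rpm command line. --oldpackage allows -U to replace a newer
# version with an older one; all three packages go in together.
downgrade_cmd() {
    files=$(pkg_files) || return 1
    echo rpm -Uvh --oldpackage $files
}

# Run the downgrade, restart sshd, and record everything in $LOG.
run_downgrade() {
    cmd=$(downgrade_cmd) || return 1
    {
        date
        $cmd && /sbin/service sshd restart
        echo "exit status: $?"
        rpm -qa 'openssh*'
    } >>"$LOG" 2>&1
}

# "sh downgrade.sh --go" re-runs this script in a new session under nohup,
# so the work continues even if the controlling ssh connection is lost.
case "${1:-}" in
    --go)     nohup setsid sh "$0" --worker >/dev/null 2>&1 & ;;
    --worker) run_downgrade ;;
esac
```

After reconnecting, the log shows the rpm output, the exit status and the resulting `rpm -qa 'openssh*'` listing.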

