|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] GLSA: openssh (200309-14)
From: Ademar de Souza Reis Jr. (ademar
conectiva.com.br)
Date: Tue Sep 23 2003 - 16:05:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Sep 23, 2003 at 10:25:37PM +0200, Daniel Ahlberg wrote:
> - - ---------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14
> - - ---------------------------------------------------------------------
>
> PACKAGE : openssh
> SUMMARY : multiple vulnerabilities in new PAM code
> DATE : 2003-09-23 20:25 UTC
> EXPLOIT : remote
> VERSIONS AFFECTED : <openssh-3.7.1_p2
This is not right. The correct should be:
VERSIONS AFFECTED: < openssh-3.7.1p2 >= openssh-3.7p1
(aka only 3.7p1 and 3.7.1p1)
Versions before 3.7p1 are safe from this vulnerability (many vendors
fixed the previous vulnerabilities using patches and therefore are
safe).
--
Ademar de Souza Reis Jr. <ademarconectiva.com.br>
^[:wq!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/cLWdWc6nS4JfEnARApvwAKCgqBhTTSFZViwVvmemp+nWTtmQUQCgkkU6
1gp8+GJLXpINfswU3xszILc=
=jf9k
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]