From: Roman Drahtmueller (drahtsuse.de)
Date: Mon Mar 26 2001 - 07:06:02 CST

    > > Is there already an update for the new openssh (2.5.2p2) version
    > > which includes various security fixes?
    >
    > I think in the discussion a few weeks ago it turned out that
    > SuSE's default policy is to only offer patched versions of
    > packages they ship with their CDs, i.e. if there is no security hole
    > there probably won't be a feature upgrade.

    If there is a security problem, we will fix it, especially if
    security-related software is concerned. The case of openssh is a mixed
    one: There is no imminent security threat with the versions we have out on
    the ftp server right now. Anyway, we have made updates, but we see some
    problems with them. Give us another few days and we'll have them fixed.

    The packages will be provided for the SuSE distributions that included
    openssh already. The others will not see updates because the package may
    not even compile on them.

    >
    > But I'm just in the course of building rpms for SuSE 7.0 (maybe SuSE 7.1)
    > and I will offer the rpms, the spec file as well as a short instruction on
    > building openssh for SuSE from source rpm (which you can download from
    > www.openssh.org) on our web site, so stay tuned. With an appropriate spec
    > file, it's a one-liner.
    > By the way, I was surprised at how many people actually
    > downloaded the binary rpm for openssh-2.5.1p1 from our web site.
    > Though I don't have any bad intentions at all, you should have no reason
    > to trust me, and _never_ download security sensitive packages from
    > untrusted sources. Anyway, it was a nice field test on how far you _could_
    > probably get with "social engineering" in security mailing lists. Maybe Kurt
    > wants to write an article on that subject ...? ;-)

    Ack. It's sad.
    I believe Kurt has some sad articles about this already... :-)

    > > Best wishes
    > >
    > > Norbert
    >
    > Regards,
    > Martin

    Thanks,
    Roman.

    -- 
     -                                                                      -
    | Roman Drahtmüller      <drahtsuse.de> //          "Caution: Cape does |
      SuSE GmbH - Security           Phone: //       not enable user to fly."
    | Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
     -                                                                      -
    
