Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Roman Drahtmueller (draht_at_suse.de)
Date: Thu Aug 01 2002 - 07:51:48 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Thu Aug 1 14:40:28 MEST 2002
The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp
server ftp.openbsd.org has been trojaned with code that opens network
connections to a server in the internet (18.104.22.168:6667) at compile
time. The backdoor does not have any influence on the runtime behaviour of
the package to our current knowlege. As of now, the package on the openbsd
ftp server has not been removed/cleaned.
The SuSE openssh package for SuSE Linux 8.0 has the same version 3.4p1,
but it is built from non-trojaned sources. Therefore, the SuSE openssh
packages are not affected by this backdoor.
We thank our users who have expressed their concerns about the backdoor
when they notified SuSE Security, and to Len Rose from
| Roman Drahtmüller <drahtsuse.de> // "You don't need eyes to see, |
SuSE Linux AG - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
-- To unsubscribe, e-mail: suse-security-announce-unsubscribesuse.com For additional commands, e-mail: suse-security-announce-helpsuse.com