This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: new openssh vulnerability

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Wed, 17 Sep 2003 00:11:43 +0200
Subject: Re: new openssh vulnerability
References: <3F678317.6040001@aol.com>
Reply-to: cygwin at cygwin dot com

On Tue, Sep 16, 2003 at 05:39:35PM -0400, Tony Schmitt wrote:
> Corinna - I was informed of an SSH hole today. Referring to
> http://www.securityfocus.com/advisories:
> 
> "...a buffer management error found in versions of OpenSSH earlier than
> 3.7. The possibility exists that this error could allow a remote exploit..."
> 
> Were you aware of this?

Yes, but not for long.  I'm subscribed to the portable openssh
developers mailing list but for some reason I'm getting the postings
currently with about 30 hours(!) delay.  For that reason I learned
about the release of 3.7p1 and the security advisory just 2 hours
ago.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- new openssh vulnerability
  - From: Tony Schmitt

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]