BugTraq
Back to list
|
Post reply
GLSA: openssh (200309-14)
Sep 23 2003 08:25PM
aliz gentoo org (Daniel Ahlberg)
(1 replies)
Re: [Full-Disclosure] GLSA: openssh (200309-14)
Sep 23 2003 09:05PM
Ademar de Souza Reis Jr. (ademar conectiva com br)
On Tue, Sep 23, 2003 at 10:25:37PM +0200, Daniel Ahlberg wrote:
> - - ---------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14
> - - ---------------------------------------------------------------------
>
> PACKAGE : openssh
> SUMMARY : multiple vulnerabilities in new PAM code
> DATE : 2003-09-23 20:25 UTC
> EXPLOIT : remote
> VERSIONS AFFECTED : <openssh-3.7.1_p2
This is not right. The correct should be:
VERSIONS AFFECTED: < openssh-3.7.1p2 >= openssh-3.7p1
(aka only 3.7p1 and 3.7.1p1)
Versions before 3.7p1 are safe from this vulnerability (many vendors
fixed the previous vulnerabilities using patches and therefore are
safe).
--
Ademar de Souza Reis Jr. <ademar (at) conectiva.com (dot) br [email concealed]>
^[:wq!
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> - - ---------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14
> - - ---------------------------------------------------------------------
>
> PACKAGE : openssh
> SUMMARY : multiple vulnerabilities in new PAM code
> DATE : 2003-09-23 20:25 UTC
> EXPLOIT : remote
> VERSIONS AFFECTED : <openssh-3.7.1_p2
This is not right. The correct should be:
VERSIONS AFFECTED: < openssh-3.7.1p2 >= openssh-3.7p1
(aka only 3.7p1 and 3.7.1p1)
Versions before 3.7p1 are safe from this vulnerability (many vendors
fixed the previous vulnerabilities using patches and therefore are
safe).
--
Ademar de Souza Reis Jr. <ademar (at) conectiva.com (dot) br [email concealed]>
^[:wq!
[ reply ]