[TriLUG] Fwd: Upcoming OpenSSH vulnerability *unverified*
Tue, 25 Jun 2002 12:40:28 -0400 (EDT)
On Tue, 25 Jun 2002, Lisa Lorenzin wrote:
> new rpms don't appear to have made it onto rufus yet, but they're
> available at
> (7.3 RPM works on 7.2 - i'm not sure about older versions.)
> looks to me like you have to upgrade to openssh 3.3p AND enable privilege
> separation in sshd_config to mitigate.
Actually, privilege separation is enabled by default in 3.3p; that's one
of the changes. However, for Linux you may need to add "Compression
no" to the sshd_config to prevent fatal mmap errors.
For RHL 6.2 users who don't want to build their own SRPMs (since the RH73
SRPMs require a bunch of dependencies), the tar/gz version works
fine. Hopefully there are fewer and fewer RHL 6.2 users out there, so
this is moot advice. :-)
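
An added example, not part of the original message or of OpenSSH: a small check that reports the privilege separation and compression settings sshd would actually use from a given sshd_config. It assumes sshd keeps the first value it reads for a keyword, that privilege separation defaults to "yes" in 3.3p as stated above, and that Compression defaults to "yes"; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective sshd_config settings discussed above.
# Assumption: sshd keeps the first value it reads for a keyword, and
# keywords are case-insensitive.

# effective FILE KEYWORD DEFAULT -> prints the value sshd would use
effective() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }                                   # comment line
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }                        # keyword absent
    ' "$1"
}

# check_sshd_config FILE -> 0 ok, 1 privilege separation off, 2 compression on
check_sshd_config() {
    # Defaults assumed for 3.3p: privsep "yes" (per the post), Compression "yes".
    privsep=$(effective "$1" UsePrivilegeSeparation yes)
    comp=$(effective "$1" Compression yes)
    if [ "$privsep" != yes ]; then
        echo "FAIL: UsePrivilegeSeparation is '$privsep'"
        return 1
    fi
    if [ "$comp" != no ]; then
        echo "WARN: Compression is '$comp'; the post suggests 'Compression no' on Linux"
        return 2
    fi
    echo "OK: privilege separation on, compression off"
}

# Constructed sample config (not from the post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
compression no
#UsePrivilegeSeparation no
Compression yes
EOF
check_sshd_config "$sample" || true
rm -f "$sample"
```

The sample passes because the commented-out UsePrivilegeSeparation line is ignored and the first Compression line is the one that counts.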