[TriLUG] openssh vulnerability on login.trilug.org may affect you
Jim Tuttle
jjtuttle at trilug.org
Tue May 13 16:45:40 EDT 2008
Very odd. I'm running Ubuntu 8.04 and thought I'd confirm that I have
the recommended update to openssh-client, 1:4.7p1-8ubuntu1.1. I don't.
I have 1:4.7p1-8ubuntu1. So, I looked in my update history and see I
the last ssh update I got was April 2nd. Running the update manager
doesn't pull it down and
http://packages.ubuntu.com/dapper/net/openssh-client shows
1:4.2p1-7ubuntu3.3 as the latest update.
If the package maintainer has updated the package, why isn't it being
pushed out via apt? Very odd.
Also, I just regenerated a key with my installed version,
1:4.7p1-8ubuntu1, and it seems to also be vulnerable. Stupid.
Jim
Cristóbal Palmer wrote:
> Hi folks,
>
> If for some strange reason you're not also on the low-traffic
> "trilug-announce" list, please go subscribe, because you're missing
> important posts like this one:
>
> http://www.trilug.org/pipermail/trilug-announce/2008/000145.html
>
> To subscribe, go here:
>
> http://www.trilug.org/mailman/listinfo/trilug-announce
>
> Cheers,
--
--
---Jim Tuttle
------------------------------------------------------
http://www.braggtown.com
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
More information about the TriLUG
mailing list