Bug 28134 - Upgrade to openssh-2.3.0 must be published as security fix
Summary: Upgrade to openssh-2.3.0 must be published as security fix
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh   
(Show other bugs)
Version: 7.0
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL: http://razor.bindview.com/publish/adv...
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-02-17 13:02 UTC by Jon Reeves
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-02-26 20:31:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jon Reeves 2001-02-17 13:02:00 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-22smp i686)


A security hole in openssh 2.2, as shipped with RedHat 7, has been
published.  It can
be fixed by upgrading to 2.3, which is available from redhat.com, but this
version is not
yet included in the version 7.0 security patch list.

Reproducible: Always
Steps to Reproduce:
See security advisory.  The hole depends on Protocol 1 being enabled, which
it is by
default.	

http://www.openssh.com/security.html also points out the need to upgrade.

Comment 1 Nalin Dahyabhai 2001-02-26 20:31:06 UTC
We're looking at using 2.5.1p1 (or p2, if available) as a security fix.

Comment 2 Nalin Dahyabhai 2001-04-03 00:00:16 UTC
2.5.2p2 has been released as a security errata, superceding 2.3.0p1.


Note You need to log in before you can comment on or make changes to this bug.