Bug 28134 - Upgrade to openssh-2.3.0 must be published as security fix
Upgrade to openssh-2.3.0 must be published as security fix
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-02-17 08:02 EST by Jon Reeves
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-26 15:31:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jon Reeves 2001-02-17 08:02:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-22smp i686)

A security hole in openssh 2.2, as shipped with RedHat 7, has been
published.  It can
be fixed by upgrading to 2.3, which is available from redhat.com, but this
version is not
yet included in the version 7.0 security patch list.

Reproducible: Always
Steps to Reproduce:
See security advisory.  The hole depends on Protocol 1 being enabled, which
it is by

http://www.openssh.com/security.html also points out the need to upgrade.
Comment 1 Nalin Dahyabhai 2001-02-26 15:31:06 EST
We're looking at using 2.5.1p1 (or p2, if available) as a security fix.
Comment 2 Nalin Dahyabhai 2001-04-02 20:00:16 EDT
2.5.2p2 has been released as a security errata, superceding 2.3.0p1.

Note You need to log in before you can comment on or make changes to this bug.