Bug 67464 - openssh security problem
Summary: openssh security problem
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
(Show other bugs)
Version: 7.0
Hardware: i386 Linux
high
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-06-25 19:02 UTC by flaps
Modified: 2007-03-27 03:54 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-06-25 19:02:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description flaps 2002-06-25 19:02:30 UTC
There is apparently a serious security bug in openssh, probably remote-root. 
See http://www.openssh.com .  Debian security fix URL was just posted to
bugtraq; it is http://www.debian.org/security/2002/dsa-134
They're not saying what the bug is yet, but the hush-hush suggests that it is
remote-root.

Also, it sure would be nice if you made it easier for those of us still running
some redhat 6.2 machines to upgrade to the new openssh you're presumably about
to release.  I guess you don't have any moral responsibility to because you
didn't distribute openssh with redhat 6.x, but I _think_ that merely a modern
openssl [that's an L] rpm for redhat 6.2, plus updated versions of everything
which depends upon openssl, would make the rest of it fairly easy for your
humble audience.  The big problem is some sort of incompatible change between
openssl 0.95 and 0.96, I think.

regards,
ajr

Comment 1 Mark J. Cox 2002-08-13 12:13:01 UTC
RHSA-2002:127


Note You need to log in before you can comment on or make changes to this bug.