There is apparently a serious security bug in openssh, probably remote-root. See http://www.openssh.com . Debian security fix URL was just posted to bugtraq; it is http://www.debian.org/security/2002/dsa-134 They're not saying what the bug is yet, but the hush-hush suggests that it is remote-root. Also, it sure would be nice if you made it easier for those of us still running some redhat 6.2 machines to upgrade to the new openssh you're presumably about to release. I guess you don't have any moral responsibility to because you didn't distribute openssh with redhat 6.x, but I _think_ that merely a modern openssl [that's an L] rpm for redhat 6.2, plus updated versions of everything which depends upon openssl, would make the rest of it fairly easy for your humble audience. The big problem is some sort of incompatible change between openssl 0.95 and 0.96, I think. regards, ajr
RHSA-2002:127