From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513 Description of problem: ISS X-Force disclosed a bug that effects OpenSSH v2.9.9-3.3 if UsePrivilegeSeparation is disabled. This vulnerability has also been announced on Slashdot. Version-Release number of selected component (if applicable): How reproducible: Didn't try Additional info: I am seeking the following information: Has Red hat tested enabling UsePrivilegeSeparation with openssh-server-3.2.3p1-4.i386.rpm? Is there any ETA for openssh v3.4 to be packaged? Thanks
RHSA-2002:127 contained a backported security fix for the particular OpenSSH vulnerability.