[plug] OpenSSH and security holes
Leon Brooks
leonb at bounce.networx.net.au
Thu Dec 9 22:12:05 WST 1999
Christian wrote:
> On Wed, 8 Dec 1999, Leon Brooks wrote:
>>> There have been bugs found in OpenSSH recently so you *may* have problems
>>> in some rare(ish) circumstances. Using the non-free SSH package might be
>>> advisable in the short-term although of course make sure it's not compiled
>>> with RSAREF enabled...
>> Just bugs, or *ghasp* security holes?
> Well, both (sort of). :-) I don't really remember the details but there
> was a minor problem some people had with OpenSSH (non-security related,
> just annoying) and there was another problem with the US version linked
> against RSAREF which has had a couple of security problems lately. Of
> course, this problem is with RSAREF and applies to normal ssh if it uses
> RSAREF (run 'ssh -V' to check).
SSH Version OpenSSH-1.2, protocol version 1.5.
Compiled with SSL.
So I guess it's fine. (-:
More information about the plug
mailing list