[plug] X11 connection rejected with updated ssh

James Devenish devenish at guild.uwa.edu.au
Fri Sep 26 09:57:24 WST 2003


In message <1064540324.3703.4.camel at bunyip.murdoch.edu.au>
on Fri, Sep 26, 2003 at 09:38:44AM +0800, Bill Kenworthy wrote:
> You might want to reconsider as I believe that prior to 3.7, there is an
> exploit in the wild for some months and it apparently has been used to
> hack into boxes.
[...]
> Basically, if you are not running the latest version, you are
> vulnerable.

I'm not sure if you were replying to me or to Leon and his 3.6p2. If me,
you are implying that the code flaw has not been identified but is
nevertheless absent from 3.7.1p2. That is to say: if the nature of the
flaw were known, a security alert would have been made and the patch
should have made its way into RedHat's errata. The URL I gave was to fix
the vulnerabilities up to 3.7.1p1. Having a look around RedHat Network, I
can't see that they released any RPM for 3.7.1p2. If RedHat backported
the PAM-related bugs, then people will have to make/find their own RPMs
for the time being. But if the PAM bugs were not backported, then it
would be safer to use one of RedHat's old versions than 3.7.1p1 (and
there wouldn't be a need to upgrade to 3.7.1p2 on account of the PAM
flaws).

