OpenSSH security fix

@updates.redhdat.com:

There are too many connected users, please try later.
weeee……

Has anyone ever used lsh? I'd really like to quit running openssh as these types of problems seem to be pretty common. I wish Dan Bernstein would write a ssh server :lol:

Kenny

Depending on when you followed Chris' instructions regarding yesterday's vulnerability, you may need to upgrade SSH again:

> - –----------------------------------------------------------------------

Debian Security Advisory DSA-382-2 security@debian.org

http://www.debian.org/security/ Wichert Akkerman

September 17, 2003

---

Package : ssh

Vulnerability : buffer handling

Problem type : possible remote

Debian-specific: no

CVS references : CAN-2003-0693 CAN-2003-0695

This advisory is an addition to the earlier DSA-382-1 advisory: two more

buffer handling problems have been found in addition to the one

described in DSA-382-1. It is not known if these bugs are exploitable,

but as a precaution an upgrade is advised.

For the Debian stable distribution these bugs have been fixed in version

1:3.4p1-1.woody.2 .

Please note that if a machine is setup to install packages from

proposed-updates it will not automatically install this update.

Sure enough, the Red Hat repository contains a newer version than the one from yesterday afternoon.

apt-get update

apt-get install openssh

Also note that I haven't updated the distros to contain these (and potentially other) security fixes. First thing out the door you should do with any new install is make sure it is up to date. (apt-get update; apt-get upgrade)

-Chris