[31742] in bugtraq
Re: [Full-Disclosure] GLSA: openssh (200309-14)
daemon@ATHENA.MIT.EDU (Ademar de Souza Reis Jr.)
Wed Sep 24 13:48:06 2003
Date: Tue, 23 Sep 2003 18:05:34 -0300
From: "Ademar de Souza Reis Jr." <ademar@conectiva.com.br>
To: Daniel Ahlberg <aliz@gentoo.org>
Cc: gentoo-announce@gentoo.org, bugtraq@securityfocus.com,
full-disclosure@lists.netsys.com
Message-ID: <20030923210534.GB20885@conectiva.com.br>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="BwCQnh7xodEAoBMC"
Content-Disposition: inline
In-Reply-To: <20030923202537.5E3BA9FBC8@noc.internal.fairytale.se>
--BwCQnh7xodEAoBMC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Sep 23, 2003 at 10:25:37PM +0200, Daniel Ahlberg wrote:
> - - ---------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14
> - - ---------------------------------------------------------------------
>=20
> PACKAGE : openssh
> SUMMARY : multiple vulnerabilities in new PAM code
> DATE : 2003-09-23 20:25 UTC
> EXPLOIT : remote
> VERSIONS AFFECTED : <openssh-3.7.1_p2
This is not right. The correct should be:
VERSIONS AFFECTED: < openssh-3.7.1p2 >=3D openssh-3.7p1
(aka only 3.7p1 and 3.7.1p1)
Versions before 3.7p1 are safe from this vulnerability (many vendors
fixed the previous vulnerabilities using patches and therefore are
safe).
--=20
Ademar de Souza Reis Jr. <ademar@conectiva.com.br>
^[:wq!
--BwCQnh7xodEAoBMC
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/cLWdWc6nS4JfEnARApvwAKCgqBhTTSFZViwVvmemp+nWTtmQUQCgkkU6
1gp8+GJLXpINfswU3xszILc=
=jf9k
-----END PGP SIGNATURE-----
--BwCQnh7xodEAoBMC--
