[2578] in Release_7.7_team
Emergency Athena 8.4.20 patch release right now
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Feb  8 22:32:31 2001
Date: Thu, 8 Feb 2001 22:32:20 -0500
Message-Id: <200102090332.WAA05790@egyptian-gods.MIT.EDU>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-announce@MIT.EDU
Hi.  A remotely exploitable security hole was recently found in the
version of sshd we use on Athena.  To address this issue, we've
put out an emergency patch release to update sshd.
If you have an AUTOUPDATE=false machine and want to take the patch
release manually after it goes out, do a console login as root and run
"update_ws".
If you have a machine which runs sshd and cannot conveniently take the
update, or a layered Linux machine, you can manually update your sshd
binary by logging in as root and doing the following:
	ON SOLARIS OR IRIX:
		cp /srvd/etc/athena/sshd /etc/athena/sshd.new
		mv /etc/athena/sshd.new /etc/athena/sshd
		# Reboot if reasonable; otherwise restart sshd:
		kill `cat /var/athena/sshd.pid`
		sshd
	ON LINUX:
		rpm -U /afs/athena.mit.edu/system/rhlinux/athena-8.4/free/RPMS/athena-ssh-8.4-20.i386.rpm
		# Reboot if reasonable; otherwise restart sshd:
		kill `cat /var/athena/sshd.pid`
		sshd
If you have an Athena 8.3 or earlier machine which runs sshd, please
disable sshd for now (set SSHD=false in /etc/athena/rc.conf and "kill
`cat /var/athena/sshd.pid`") and contact us if you need further
support.
Please send questions or comments to release-team@mit.edu.