version 1.364, 2001/12/11 05:45:50 |
version 1.365, 2001/12/13 19:01:39 |
|
|
<a name=sshd> |
<a name=sshd> |
<li><font color=#009000><strong>002: SECURITY FIX: November 12, 2001</strong></font><br> |
<li><font color=#009000><strong>002: SECURITY FIX: November 12, 2001</strong></font><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> |
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.1 to fix a few problems: |
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems: |
<p> |
<p> |
<ul> |
<ul> |
<li>A security hole that may allow an attacker to partially authenticate |
<li>A security hole that may allow an attacker to partially authenticate |
|
|
also exists, but since this may cause daemon crashes, we are providing a |
also exists, but since this may cause daemon crashes, we are providing a |
patch as well. |
patch as well. |
<p> |
<p> |
|
<li>A vulnerability in environment passing in the <code>UseLogin</code> |
|
<i>sshd</i> option |
|
<p> |
<li>Various other non-critical fixes. |
<li>Various other non-critical fixes. |
</ul> |
</ul> |
<p> |
<p> |
Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.1, |
Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2, |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh.patch">a source code patch exists which remedies these problems</a>. |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh2.patch">a source code patch exists which remedies these problems</a>. |
|
This is the second version of this patch. |
<p> |
<p> |
<a name=hosts> |
<a name=hosts> |
<li><font color=#009000><strong>001: INSTALL ISSUE: November 12, 2001</strong></font><br> |
<li><font color=#009000><strong>001: INSTALL ISSUE: November 12, 2001</strong></font><br> |