OpenSSH 3.7.1p2

Joerg W Mittag Joerg.Mittag at Web.De
Wed Sep 24 02:41:36 PDT 2003


Archaic wrote:
> On Tue, Sep 23, 2003 at 04:36:18PM -0500, Dagmar d'Surreal wrote:
> <..>
>
> In less than a week they have released 3 times. 3.7p1, 3.7.1p1, and
> now 3.7.1p2. Dagmar, have you read the changelog, yet? 3.7p1 was
> supposed to be the one that fixed the situation [...]

3.7p2 fixes a different security hole in the PAM implementation of the
portable 3.7 and 3.7p1 versions. If you're not using PAM you don't
need to upgrade.

See:
    http://openssh.com/txt/buffer.adv
    http://openssh.com/txt/sshpam.adv

jwm




More information about the lfs-security mailing list