| 1 |
Hi, |
| 2 |
|
| 3 |
I haven't seen anything in bugs or this list about this, so here is the |
| 4 |
news: |
| 5 |
CERT have issued an advisory about OpenSSH, the bug in question enables |
| 6 |
existing users to gain root privelidges. |
| 7 |
The advisory is here: http://www.pine.nl/advisories/pine-cert-20020301.txt |
| 8 |
The fix is to upgrade to the latest OpenSSH (3.1p1) ASAP. |
| 9 |
May I politely suggest that a new ebuild be constructed post-haste? :) |
| 10 |
Anyway, for those at risk, I have constructed an emergency ebuild and |
| 11 |
digest file, so you may upgrade immediately. |
| 12 |
The files can be found here: http://www.cdavies.org/gentoo/ |
| 13 |
|
| 14 |
Put the digest file in /usr/portage/net-misc/openssh/files and the |
| 15 |
ebuild in /usr/portage/net-misc/openssh and rerun emerge openssh. |
| 16 |
|
| 17 |
If anyone thinks it is worthwhile, I will also post this message to the |
| 18 |
gentoo users list, but at present I'm not going to do that. |
| 19 |
Thanks, |
| 20 |
C.Davies |
| 21 |
(c.davies@×××××××.org) |
Archives