On 01/15/2016 08:55 AM, Noam Bernstein wrote: > I see that this is a CentOS 7 patch only, at least so far. I also see that > the CentOS 6 ssh version is 5.3 > > /usr/bin/ssh -V > OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 > which is supposedly not affected. However, strings indicates that > /usr/bin/ssh is also aware for the useroaming configuration option: > > strings /usr/bin/ssh | grep -i useroam > useroaming > Is it actually known that the ssh version shipped with CentOS 6 is not > vulnerable, or is it just assumed based on the version number? The > announcement implies that the roaming code itself was added in 5.4, not just > that a default was changed, but if that’s really true, why is that string in > the binary?
https://bugzilla.redhat.com/show_bug.cgi?id=1298032#c16 (see comment 16)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
