On Thu, 27 Jun 2002, Jason Lim wrote:
> Do you all know how Debian's progress is regarding this? We are starting
Debian already released announcement and made new packages available for
upgrading OpenSSH for UsePrivilegeSeparation support. I assume that the
security.debian.org will have new 3.4 soon.
> > ChallengeResponseAuthentication no
It is interesting to note that it appears that the ssh 1.2.3-9.4 used with
stable wasn't even vulnerable. (But I guess it is a good idea to have a
chrooted, unprivileged child process to deal with the ssh connection
before authentication.)
Jeremy C. Reed
....................................................
BSD software, documentation, resources, news...
http://bsd.reedmedia.net/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
