Quoting Ted Cabeen ([EMAIL PROTECTED]): > >Hm, why should I do that? Is my admin right when he thinks that my > >current sshd is vulnerable? I have the latest stable precompiled > >package, i.e. the default ssh installed. > > Make sure that you have the security site in your /etc/apt/sources.list file. > If you do, and apt-get update; apt-get upgrade says you're up to date, then > you're fine. In general, the security team patches the current version to > fix security bugs in stable rather than upgrade to a newer version. That > could be confusing your sysadmin. The CRC bug was patched in debian as of > ssh version 1.2.3-9.2. You can look at the changelog in > /usr/share/doc/ssh/changelog.Debian.gz for specific information.
The original posting was "... (I'm running woody on a laptop PC). I should have all the security fixes installed on my system (there is this security.debian.org line on my sources.list file). " One has to be a little more careful than that if one is running woody (i.e. not stable) because security-patched versions for potato may be seen as downgrades by one's system, and apt-get may ignore them. Cheers, -- Email: [EMAIL PROTECTED] Tel: +44 1908 653 739 Fax: +44 1908 655 151 Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA Disclaimer: These addresses are only for reaching me, and do not signify official stationery. Views expressed here are either my own or plagiarised.
