Re: openssh remote upgrade procedure?

On Fri, May 23, 2008 at 12:28 AM, Karl Goetz <[EMAIL PROTECTED]> wrote: > On Thu, 2008-05-22 at 07:49 +0100, Alexandros Papadopoulos wrote: >> Hi all, thanks for the suggestions so far. >> >> I talked local staff through backing up the sshd configuration file, >> purging the openssh-server package

Re: Status of CVE-2008-1615 in stable?

On Thu, May 22, 2008 at 11:23:36PM -0400, Michael Gilbert wrote: > Looks like redhat recently released updates [1] that fix the > high-severity vulnerability described by CVE-2008-1615 [2]. Will a > similar fix be pushed out to debian etch any time soon? yes, a patch for this is queued for the ne

Status of CVE-2008-1615 in stable?

Looks like redhat recently released updates [1] that fix the high-severity vulnerability described by CVE-2008-1615 [2]. Will a similar fix be pushed out to debian etch any time soon? It looks like it should be pretty straightforward since it is a one-line patch [2]. [1] http://rhn.redhat.com/er

Laissez vous guidez sur Annonces-automobile.com

Si ce message ne s'affiche pas correctement, cliquez ici En exclusivité sur le Web ! Enregistrez votre recherche et attendez d'être contacté par le vendeur www.annonces-automobile.com En partenariat avec A bientôt sur ANNONCES Automobile. Pour vous désinscrire, cliquez ici.

Re: openssh remote upgrade procedure?

On Thu, 2008-05-22 at 07:49 +0100, Alexandros Papadopoulos wrote: > Hi all, thanks for the suggestions so far. > > I talked local staff through backing up the sshd configuration file, > purging the openssh-server package and then reinstalling openssh. > > I'm quite frustrated to say this didn't f

Re: openssl-blacklist & two keys per one pid

On Wed, 21 May 2008, Jamie Strandboge wrote: > > I discovered that there is also 3rd key which you get if you pass empty > > file by -rand. Keys created in this way are still the same so it's > > another possible compromised key. I'm not sure if it worth spend time on > > counting this keys.

Re: openssh remote upgrade procedure?

* Alexandros Papadopoulos <[EMAIL PROTECTED]> [2008-05-22 07:49 +0100]: > 2. tail -f /var/log/auth.log on the server - staff reported no new > entries while I was attempting to login You can try to get more information by running sshd -d (stop the normal daemon before). Nicolas -- http://www.ra

Re: openssl-blacklist & two keys per one pid

On Wed, 21 May 2008, Jan Tomasek wrote: > Jamie Strandboge wrote: >>> I discovered that there is also 3rd key which you get if you pass >>> empty file by -rand. Keys created in this way are still the same so >>> it's another possible compromised key. I'm not sure if it worth >>> spend time on