of open ones for openssh on wheezy:
https://security-tracker.debian.org/tracker/source-package/openssh
Hi,
there are only unimportant issues open. OpenSSH is up-to-date in Wheezy
and Jessie. Please feel free to ask questions about Wheezy related
packages on the debian-lts mailing list in the
Hi Salvatore,
Thank you for that very useful link.
The only outstanding concern from my list is:
ID: OSVDB 14400
THREAT:
The SSH server running on the remote host is affected by an information
disclosure vulnerability.
IMPACT:
According to its banner, the version of OpenSSH running on the
Adam Weremczuk writes:
> Is there a better place / way to verify the latest Debian changelogs
> online?
You can use the security tracker to search for either the
vulnerabilities, or packages:
https://security-tracker.debian.org/tracker/
It lists a bunch of open ones for openssh on wheezy:
16-10009
> CVE-2016-10010
> CVE-2016-10011
> CVE-2016-10012
> OSVDB-144000
>
> in 6.0p1-4+deb7u6 ?
The security-tracker can help you verifying the status for certain
CVEs and source packages. For openssh, have a look at:
https://security-tracker.debian.org/tracker/source-package/open
share/doc/openssh-server/changelog.Debian on a system running
6.0p1-4+deb7u6 version on wheezy 7.1 but couldn't find them.
Also:
https://packages.debian.org/wheezy/openssh-server --> "Debian Changelog"
returns 404 not found.
Why is that?
Is there a better place / way to v
33 18
damien.m...@atih.sante.fr - www.atih.sante.fr
-Message d'origine-
De : Moritz Muehlenhoff [mailto:j...@debian.org]
Envoyé : vendredi 15 avril 2016 19:09
À : debian-security-annou...@lists.debian.org
Objet : [SECURITY] [DSA 3550-1] openssh security update
Importance : Haute
--
>> January 14, 2016 https://www.debian.org/security/faq
>> -
>> -----
>>
>> Package: openssh
>> CVE ID : CVE-2016-0777 CVE-2016-0778
>> Debian bug : 81
an Security Advisory DSA-3446-1 secur...@debian.org
> https://www.debian.org/security/Yves-Alexis Perez
> January 14, 2016 https://www.debian.org/security/faq
> - ------
eshly installed Debian and Ubuntu too
>>>>> though, tested it on Ubuntu too.
>>>> http://etbe.coker.com.au/2011/12/31/server-cracked/
>>>>
>>>> If you havd a sshd that is compromised in the same way as one was on one
>>>> of my
>&
u too.
>>> http://etbe.coker.com.au/2011/12/31/server-cracked/
>>>
>>> If you havd a sshd that is compromised in the same way as one was on one of
>>> my
>>> servers then Anibal's command will give an output of 0.
>>>
>>> I d
> If you havd a sshd that is compromised in the same way as one was on one of
>> my
>> servers then Anibal's command will give an output of 0.
>>
>> I don't know what relevance this has to a discussion of OpenSSH logging
>> though.
>>
>> I'
On Fri, 2 Mar 2012, Mike Mestnik wrote:
> > I'd like to have OpenSSH log the email address field from a key that was
> > used for login so I could see something like "ssh key
> > russ...@coker.com.au was used to login to account rjc" in my logs.
> >
s then Anibal's command will give an output of 0.
>
> I don't know what relevance this has to a discussion of OpenSSH logging
> though.
>
> I'd like to have OpenSSH log the email address field from a key that was used
> for login so I could see something like "s
On 03/01/12 18:23, Bedwell, Jordon wrote:
> On Thu, Mar 1, 2012 at 3:16 PM, Mike Mestnik wrote:
>> On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote:
>>> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
>>>
The problem is I cannot get sshd to log publickey denied errors to
on freshly installed Debian and Ubuntu too
> though, tested it on Ubuntu too.
http://etbe.coker.com.au/2011/12/31/server-cracked/
If you havd a sshd that is compromised in the same way as one was on one of my
servers then Anibal's command will give an output of 0.
I don't know what rel
On Thu, Mar 1, 2012 at 3:16 PM, Mike Mestnik wrote:
> On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote:
>>
>> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
>>
>>>
>>> The problem is I cannot get sshd to log publickey denied errors to
>>> /var/log/auth.log so our daemons can
2012/3/1 Aníbal Monsalve Salazar :
> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
>>The problem is I cannot get sshd to log publickey denied errors to
>>/var/log/auth.log so our daemons can ban these users. I want to know
>>what happened to messages like "publickey denied for [u
On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote:
On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
The problem is I cannot get sshd to log publickey denied errors to
/var/log/auth.log so our daemons can ban these users. I want to know
what happened to messages like "publ
On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote:
>The problem is I cannot get sshd to log publickey denied errors to
>/var/log/auth.log so our daemons can ban these users. I want to know
>what happened to messages like "publickey denied for [user] from [ip]"
>I cannot get it to log
On Thu, Mar 1, 2012 at 6:31 AM, Taz wrote:
>>rsaauthentication no
> change this to yes
I'm at a loss, how is setting an option that does not even apply to us
(since we use Protocol 2 and that option is moot for us anyways) going
to fix a logging issue? Perhaps I need to be more explicit and I am
SSH Version: OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010
part of the config:
compression yes
maxauthtries 1
port 22
listenaddress 10.6.18.80
protocol 2
useprivilegeseparation yes
syslogfacility AUTH
loglevel VERBOSE
logingracetime 30
permitrootlogin yes
strictmodes yes
rsaauthentic
gt;
> How can i contact openssh mnt?
>
> Thank you.
Hello Taz
Could you please expand your technical explanation?
a. do you use keys+passphrases or keys or passwords?
b. how many people have a key or password?
c. could you show sshd_config at pastebin?
d. how many servers were really compr
On Thu, Dec 29, 2011 at 4:51 PM, Thijs Kinkhorst wrote:
> On Thu, December 29, 2011 16:37, Nicolas Carusso wrote:
>>
>> How about creating a Referense list with all the suggestions that we are
>> doing?
>> If all of you agree, Let's start now.
>>
>> SECURITY LIST
>> **
>
> There's
On Fri, 30 Dec 2011, Taz wrote:
> of course, i've double changed all password and regenerated ssh keys.
Are the SSH and PAM settings doing what you think? I suggest carefully
examining the contents of /etc to see what has been changed from the default.
A new sshd vulnerability that allows remo
Has this issue been resolved?
Can we be sure this doesn't lead back to a
potentially vulnerable component of openssh?
Can you provide any further information?
Did you find the point of entry? (compromise)
Greetings,
Patrick
--
Patrick Geschke
Systemadministration
Top Arbeitgeber 2011!
K
On Thu, Dec 29, 2011 at 11:30:27PM +0400, Taz wrote:
> Anybody want's to check it out?
> I can provide ssh access, if u will give me ssh key.
From the sound of things, we're not going to find much. It's clear that
the attackers have already cleaned up their tracks by editing auth.log,
etc. The d
Anybody want's to check it out?
I can provide ssh access, if u will give me ssh key.
On Thu, Dec 29, 2011 at 11:06 PM, Noah Meyerhans wrote:
> On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote:
>> I guess I already pointed out everything. I added the updating part to it.
>>
>> * Use
gards
fEnIo
On Thu, Dec 29, 2011 at 8:42 PM, Todd Wheeler wrote:
I'm wondering based on this if there is anything in /etc/xinetd.d or if
there is anything in /etc/ssh/sshd_config that would point you in the right
direction. Sounds like something is spawning based on a connection to port
On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote:
> I guess I already pointed out everything. I added the updating part to it.
>
> * Use private not public keys with strong passwords
This doesn't make any sense at all. You need both private and public
keys for key-based authenticatio
, Todd Wheeler wrote:
> I'm wondering based on this if there is anything in /etc/xinetd.d or if
> there is anything in /etc/ssh/sshd_config that would point you in the right
> direction. Sounds like something is spawning based on a connection to port
> 22. (if OpenSSH itself
ted machines.
>>>>>
>>>>>
>>>>> PS: We all got it now, fail2ban is a great tool ;-)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Dec 29, 2011 at 15:04, Taz wrote:
>>>
I'm wondering based on this if there is anything in /etc/xinetd.d or if there
is anything in /etc/ssh/sshd_config that would point you in the right
direction. Sounds like something is spawning based on a connection to port 22.
(if OpenSSH itself wasn't exploited)
Times like this:
t;>>
>>>>
>>>>
>>>>
>>>> On Thu, Dec 29, 2011 at 15:04, Taz wrote:
>>>>>
>>>>> Hello, we've got various debian servers, about 15, with different
>>>>> versions. All of them have been attacked
is a total new start on
>>> all the affected machines.
>>>
>>>
>>> PS: We all got it now, fail2ban is a great tool ;-)
>>>
>>>
>>>
>>>
>>> On Thu, Dec 29, 2011 at 15:04, Taz wrote:
>>>>
>>>> Hello, we'
7;ve got various debian servers, about 15, with different
>>> versions. All of them have been attacked today and granted root
>>> access.
>>> Can anybody help? We can give ssh access to attacked machine, it seems
>>> to be serious ssh vulnerability.
>>
2:37
Para: serge.dewai...@openevents.fr; debian-security@lists.debian.org
Asunto: RE: need help with openssh attack
How
about creating a Referense list with all the suggestions that we are doing?
If all of you agree, Let's start now.
SECURITY LIST
**
1. SSH. Deny root
29, 2011 at 15:04, Taz wrote:
>>
>> Hello, we've got various debian servers, about 15, with different
>> versions. All of them have been attacked today and granted root
>> access.
>> Can anybody help? We can give ssh access to attacked machine, it seems
>>
On Thu, December 29, 2011 16:37, Nicolas Carusso wrote:
>
> How about creating a Referense list with all the suggestions that we are
> doing?
> If all of you agree, Let's start now.
>
> SECURITY LIST
> **
There's already the Securing Debian HOWTO:
http://www.debian.org/doc/manuals/
y and granted root
access.
Can anybody help? We can give ssh access to attacked machine, it seems
to be serious ssh vulnerability.
How can i contact openssh mnt?
Thank you.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble?
6:16:45 +0100
> > From: serge.dewai...@openevents.fr
> > To: debian-security@lists.debian.org
>
> > Subject: Re: need help with openssh attack
> >
> > Hi,
> >
> > To prevent brute-force attack, you can also use the package named
> > "fail2ban&
te. Keep debian Updated.
4
> Date: Thu, 29 Dec 2011 16:16:45 +0100
> From: serge.dewai...@openevents.fr
> To: debian-security@lists.debian.org
> Subject: Re: need help with openssh attack
>
> Hi,
>
> To prevent brute-force attack, you can also use the package named
&
o be serious ssh vulnerability.
>
> How can i contact openssh mnt?
>
> Thank you.
>
>
> --
> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive:
&
about 15, with different
versions. All of them have been attacked today and granted root
access.
Can anybody help? We can give ssh access to attacked machine, it seems
to be serious ssh vulnerability.
How can i contact openssh mnt?
Thank you.
--
To UNSUBSCRIBE, email to debian-security-requ...@l
il.com
> CC: debian-security@lists.debian.org
> Subject: Re: need help with openssh attack
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello,
>
> Could you please paste /var/log/auth.log message of attack?
> Are you sure about it's not any bruteforce
can give ssh access to attacked
> machine, it seems to be serious ssh vulnerability.
>
> How can i contact openssh mnt?
>
> Thank you.
>
>
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla -
sh_trojan.html
>
> The above blog post may be of use to you. One of my servers was
> compromised
> via that one.
>
> > How can i contact openssh mnt?
>
> Colin Watson
>
> The changelog for the openssh-server package gives Colin as the maintainer.
>
> --
> M
> versions. All of them have been attacked today and granted root
> > access. Can anybody help? We can give ssh access to attacked
> > machine, it seems to be serious ssh vulnerability.
> >
> > How can i contact openssh mnt?
> >
> > Thank you.
>
vulnerability.
http://blog.sesse.net/blog/tech/2011-11-15-21-44_ebury_a_new_ssh_trojan.html
The above blog post may be of use to you. One of my servers was compromised
via that one.
> How can i contact openssh mnt?
Colin Watson
The changelog for the openssh-server package gives Colin as the m
ked today and granted root
> access. Can anybody help? We can give ssh access to attacked
> machine, it seems to be serious ssh vulnerability.
>
> How can i contact openssh mnt?
>
> Thank you.
>
>
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)
Comment: Usi
Hello, we've got various debian servers, about 15, with different
versions. All of them have been attacked today and granted root
access.
Can anybody help? We can give ssh access to attacked machine, it seems
to be serious ssh vulnerability.
How can i contact openssh mnt?
Thank you.
-
Sam Kuper writes:
> 2009/6/30 Nico Golde
>
>> http://security-tracker.debian.net/tracker/CVE-2008-5161
> Ouch! I agree with the note.
My understanding is that you then terminate the connection you're
attacking as part of the attempt to recover the cleartext unless you
happen to succeed. I thi
2009/6/30 Nico Golde
>
> Hi,
> * Niko Thome [2009-06-30 11:47]:
> > I stumbled upon a vulnerability in OpenSSH reported back in November
> > 2008. http://www.securityfocus.com/bid/32319
> >
> > I was a bit concerned about that flaw, and tried to find out if
Hi,
* Niko Thome [2009-06-30 11:47]:
> I stumbled upon a vulnerability in OpenSSH reported back in November
> 2008. http://www.securityfocus.com/bid/32319
>
> I was a bit concerned about that flaw, and tried to find out if it is
> fixed due a backport of some openSSH 5.2 upstr
Hello List,
I stumbled upon a vulnerability in OpenSSH reported back in November
2008. http://www.securityfocus.com/bid/32319
I was a bit concerned about that flaw, and tried to find out if it is
fixed due a backport of some openSSH 5.2 upstream code. But I didn't
find neither a bug nor
* Florian Weimer:
> Debian-specific: no
> It has been discovered that the signal handler implementing the login
> timeout in Debian's version of the OpenSSH server uses functions which
> are not async-signal-safe, leading to a denial of service
> vulnerability (CVE-2008-41
tEmptyPasswords no
PasswordAuthentication yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog no
KeepAlive yes
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
This is sshd_config now:
Port 222
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePriv
I'd suggest posting your sshd_config & your ssh -v output.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Fri, May 23, 2008 at 12:28 AM, Karl Goetz <[EMAIL PROTECTED]> wrote:
> On Thu, 2008-05-22 at 07:49 +0100, Alexandros Papadopoulos wrote:
>> Hi all, thanks for the suggestions so far.
>>
>> I talked local staff through backing up the sshd configuration file,
>> p
On Thu, 2008-05-22 at 07:49 +0100, Alexandros Papadopoulos wrote:
> Hi all, thanks for the suggestions so far.
>
> I talked local staff through backing up the sshd configuration file,
> purging the openssh-server package and then reinstalling openssh.
>
> I'm quite frustr
* Alexandros Papadopoulos <[EMAIL PROTECTED]> [2008-05-22 07:49 +0100]:
> 2. tail -f /var/log/auth.log on the server - staff reported no new
> entries while I was attempting to login
You can try to get more information by running sshd -d (stop the
normal daemon before).
Nicolas
--
http://www.ra
Hi all, thanks for the suggestions so far.
I talked local staff through backing up the sshd configuration file,
purging the openssh-server package and then reinstalling openssh.
I'm quite frustrated to say this didn't fix anything. Had exactly the
same behaviour:
debug1: Next auth
Michel Messerschmidt schrieb:
> 1) Create a new temporary keypair on a non-vulnerable system and
>protect the key with a good passphrase.
> 2) Install the temporary public key on the vulnerable system *before*
>the upgrade. Because it is no weak key, it won't be blacklisted.
>Note: Y
which means there wasn't a way to generate bad
>> ones:
>>
>
> It didn't before. At least not directly from ssh-keygen.
>
> It is so because It won't be standard compliant (the standard specify
> that DSA must be 1024 bits). I don't know if Op
y from ssh-keygen.
It is so because It won't be standard compliant (the standard specify
that DSA must be 1024 bits). I don't know if OpenSSH will accept longer
keylength (some implementation will certainly refuse It).
Personnally, in situation when I really care, I like to simp
On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
> OoO En cette nuit nuageuse du mercredi 21 mai 2008, vers 01:32, Kees
> Cook <[EMAIL PROTECTED]> disait:
>
> > * Add empty DSA-2048, since they weren't any bad ones.
>
> How is it possible?
I could be mistaken, but prior to ope
try to utilise the simplest
> of all, keyboard interactive authentication. I'd suspect breakage
> between the new openssh daemon and the authentication mechanisms (PAM,
> GSSAPI, you-name-it), but on two different distributions
> simultaneously?
Have you ever tested password aut
OoO En cette nuit nuageuse du mercredi 21 mai 2008, vers 01:32, Kees
Cook <[EMAIL PROTECTED]> disait:
> * Add empty DSA-2048, since they weren't any bad ones.
How is it possible?
Thanks.
--
BOFH excuse #63:
not properly grounded, please bury computer
pgp3twM6bO48f.pgp
Description: PGP sig
On Tue, May 20, 2008 at 6:38 PM, Kim N. Lesmer <[EMAIL PROTECTED]> wrote:
> On Tue, 20 May 2008 20:45:20 +0100
> "Alexandros Papadopoulos" <[EMAIL PROTECTED]> wrote:
>
>> 3. Testing to see if you can still get on to a server is exactly what
>> I would have done, if my connection had not been killed
fig and restart the daemon, with absolutely no change in
> behavior.
So at this point you cannot gain access on the machine at all using
SSH, but you have a local staff with access. Make them purge (not just
delete) the openssh-server, and re-install it.
> a) How/why were my active connec
OoO En ce début de soirée du mardi 20 mai 2008, vers 21:45, "Alexandros
Papadopoulos" <[EMAIL PROTECTED]> disait:
> 3. Testing to see if you can still get on to a server is exactly what
> I would have done, if my connection had not been killed by the server
> itself a few seconds after upgrading
Unfortunately my question has still not been answered.
1. What's the information in /usr/share/doc/openssh-server that is so
enlightening? I don't have access to a debian machine right now so
would be nice to know. Tried downloading from
http://packages.debian.org/etch/openssh-server t
; the series of events:
> + I enabled password authentication in sshd_config (PasswordAuthentication
> yes)
> + aptitude update && aptitude dist-upgrade, which updated the packages
> and restarted the openssh daemon
> + shortly thereafter my SSH connection was terminated
>
On Tue, May 20, 2008 at 08:20:04AM +0100, Alexandros Papadopoulos wrote:
> + I enabled password authentication in sshd_config (PasswordAuthentication
> yes)
> + aptitude update && aptitude dist-upgrade, which updated the packages
> and restarted the openssh daemon
> + sh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alexandros Papadopoulos said:
> + I enabled password authentication in sshd_config
> (PasswordAuthentication yes)
> + aptitude update && aptitude dist-upgrade, which updated the packages
> and restarted the openssh daemon
>
ed in the other night and this was
> the series of events:
> + I enabled password authentication in sshd_config
> (PasswordAuthentication yes)
> + aptitude update && aptitude dist-upgrade, which updated the packages
> and restarted the openssh daemon
> + shortly thereaf
(PasswordAuthentication yes)
+ aptitude update && aptitude dist-upgrade, which updated the packages
and restarted the openssh daemon
+ shortly thereafter my SSH connection was terminated
+ I tried to login to the machine, but never got the chance:
debug1: Host '[hostname.domainname]:222' is
MaxStartups.
--On May 20, 2008 4:15:33 PM +1000 CaT <[EMAIL PROTECTED]> wrote:
I got connections from an unknown IP to openssh today. openssh logged:
Public key ... blacklisted (see ssh-vulnkey(1))
19 times, each time with a different key and then ssh would not respond
any mo
On Tue, May 20, 2008 at 12:52:54AM -0600, Michael Loftis wrote:
> MaxStartups.
Ah. That'd do it. First time I hit that. Thanks and sorry for the noise.
On the down side it seems people are already starting to exploit the
blacklisted keys.
--
"Police noticed some rustling sounds from Linn's bo
I got connections from an unknown IP to openssh today. openssh logged:
Public key ... blacklisted (see ssh-vulnkey(1))
19 times, each time with a different key and then ssh would not respond
any more and connections to it froze like so:
$ ssh [EMAIL PROTECTED] -v
OpenSSH_4.3p2 Debian-9etch1
Hola:
Por si les interesa, hay una alerta de seguridad en debian.
Saludos
Leonardo
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Fri, 16 May 2008 18:14:27 +0200
> Subject: [SECURITY] [DSA 1576-2] New openssh packages fix
Hola:
Por si les interesa, hay una alerta de seguridad en debian.
Saludos
Leonardo
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Wed, 14 May 2008 11:24:56 +0200
> Subject: [SECURITY] [DSA 1576-1] New openssh packages fix
http://www.securityfocus.com/archive/1/492112/30/0/threaded
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Wed, May 14, 2008 at 07:33:43PM +0200, Jan Luehr wrote:
> >To check all your own keys, assuming they are in the standard
> >locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):
> >
> > ssh-vulnkey
>
> I took a look at it and found two large blacklist containing lots of key
On Wed, May 14, 2008 at 10:39:10AM -0700, Harry Edmon wrote:
> Are there any plans to issue the same openssl/openssh security fixes for
> lenny has have been done for etch?
OpenSSL has already been fixed in lenny. The openssh package containing
ssh-vulkey should hit testing tomorrow
Are there any plans to issue the same openssl/openssh security fixes for
lenny has have been done for etch?
--
Dr. Harry Edmon E-MAIL: [EMAIL PROTECTED]
206-543-0547[EMAIL PROTECTED]
Dept of Atmospheric SciencesFAX:206-543-0308
Hello,
Am Mittwoch, 14. Mai 2008 schrieb Florian Weimer:
> Package : openssh
> Vulnerability : predictable random number generator
> Problem type : remote
> Debian-specific: yes
> CVE Id(s) : CVE-2008-0166
>
> The recently announced vulnerability in Debian
On Wed, May 14, 2008 at 12:17:14PM +0200, Jan Luehr wrote:
> > 1. Install the security updates
> >
> >This update contains a dependency on the openssl update and will
> >automatically install a corrected version of the libss0.9.8 package,
> >and a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wolf Tony wrote:
| Hi,
|
| you only need to do
|
| aptitude install openssh-server
|
| or
|
| apt-get install openssh-server
|
| Best regards
|
| Tony Wolf
|
That worked fine.
Thank you.
Kind regards
- --
José Santos
[EMAIL PROTECTED]
-BEGIN
Hi,
you only need to do
aptitude install openssh-server
or
apt-get install openssh-server
Best regards
Tony Wolf
-Ursprüngliche Nachricht-
Von: Alvise Belotti [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 14. Mai 2008 12:20
An: José Santos
Cc: debian-security@lists.debian.org
Hello,
Am Mittwoch, 14. Mai 2008 schrieb Florian Weimer:
> Package : openssh
> Vulnerability : predictable random number generator
> Problem type : remote
> Debian-specific: yes
> CVE Id(s) : CVE-2008-0166
> 1. Install the security updates
>
>This upda
MAIL PROTECTED]
> | http://www.debian.org/security/ Florian Weimer
> | May 14, 2008 http://www.debian.org/security/faq
> | ----
> |
> | Package: openssh
> |
| May 14, 2008 http://www.debian.org/security/faq
|
|
| Package: openssh
| Vulnerability : predictable random number generator
| Problem type : remote
| Debian-specific: yes
| CVE Id(s
just the latest ssh from debian with the
right patch from http://chrootssh.sourceforge.net/).
Sarge:
deb http://debian.home-dn.net/sarge openssh/
deb-src http://debian.home-dn.net/sarge openssh/
Woody:
deb http://debian.home-dn.net/woody openssh/
deb-src http://debian.home-dn.net/woody o
just the latest ssh from debian with the
right patch from http://chrootssh.sourceforge.net/).
Sarge:
deb http://debian.home-dn.net/sarge openssh/
deb-src http://debian.home-dn.net/sarge openssh/
Woody:
deb http://debian.home-dn.net/woody openssh/
deb-src http://debian.home-dn.net/woody o
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]:
> Le 13:56 22/09/03 -0400, George Georgalis nous a écrit :
> ** Message d'origine **
> >Most of my debian installs took the recent ssh updates without a hiccup,
> >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before
>
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]:
> Le 13:56 22/09/03 -0400, George Georgalis nous a écrit :
> ** Message d'origine **
> >Most of my debian installs took the recent ssh updates without a hiccup,
> >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before
>
In article <[EMAIL PROTECTED]> you wrote:
> and what's about ssh/potato ?
> I don't see any thing about a new upgrade foir ssh in potato ?
Potato is not anymore supported by debian security team, as you can read in
the faq. t is unfortunate, I still have some systems running.. well.. thanks
god no
In article <[EMAIL PROTECTED]> you wrote:
> and what's about ssh/potato ?
> I don't see any thing about a new upgrade foir ssh in potato ?
Potato is not anymore supported by debian security team, as you can read in
the faq. t is unfortunate, I still have some systems running.. well.. thanks
god no
On Wed, Sep 24, 2003 at 12:12:54PM +0300, Riku Anttila wrote:
> According to http://www.openssh.com/txt/sshpam.adv there are multiple
> vulnerabilities in the "new PAM code of Portable OpenSSH".
>
> It sounds as if it's limited to versions 3.7p1 and3.7.1p1, but I t
On Wed, Sep 24, 2003 at 12:12:54PM +0300, Riku Anttila wrote:
> According to http://www.openssh.com/txt/sshpam.adv there are multiple
> vulnerabilities in the "new PAM code of Portable OpenSSH".
>
> It sounds as if it's limited to versions 3.7p1 and3.7.1p1, but I t
1 - 100 of 396 matches
Mail list logo