[Fink-devel] openssh vulnerability -- upgrade to the fink package?

[Chris D. <cd...@bo...>]

[This is really aimed at fink-devel, but I've cc'ed -users too as
I'm not sure if I'm properly subscribed to -devel at the moment...]

There's a remote security exploit in versions of OpenSSH prior to
this week's release of 3.4.

From: http://slashdot.org/article.pl?sid=02/06/26/1547242

    Dan writes: "OpenSSH 3.4 has been released and will be
    shortly available on all mirrors. All versions of
    OpenSSH's sshd between 2.9.9 and 3.3 contain an input
    validation error that can result in an integer overflow
    and privilege escalation. OpenSSH 3.4 fixes this bug."
    And kylus writes: "The previously-mentioned
    vulnerability in OpenSSH has been disclosed by ISS
    X-Force today on the BugTraq list. This is a potential
    remote root compromise, and while there is a workaround,
    it's advised that users upgrade to version 3.4 as soon
    as they can."

http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0

Fink is currently providing a package for 3.2.2, which is one of
the vulnerable versions. Will an upgrade be coming out, Max?


-- 
Chris Devers   cd...@bo...
DO  NOT  LEAVE  IT  IS  NOT  REAL