Openssh vulnerabilities
On Tue, 2007-06-12 at 22:28 -0400, Kevin Fenzi wrote:
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19805
Modified Files:
fc7
Log Message:
Process openssh
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- fc7 12 Jun 2007 20:40:54 -0000 1.5
+++ fc7 13 Jun 2007 02:28:16 -0000 1.6
@@ -23,7 +23,7 @@
*CVE-2007-2843 ignore (konqueror) safari specific
*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
*CVE-2007-2799 (file)
-*CVE-2007-2768 (openssh)
+CVE-2007-2768 VULNERABLE (openssh)
This is not an openssh vulnerability but PAM
OPIE module one and we
don't ship this module. -> NOT VULNERABLE
*CVE-2007-2756 ignore (gd) DoS only
*CVE-2007-2754 (freetype)
*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
@@ -54,7 +54,7 @@
*CVE-2007-2356 (gimp)
*CVE-2007-2353 (axis)
*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
-*CVE-2007-2243 (openssh)
+CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)
We don't ship openssh with S/KEY
support compiled in. -> NOT VULNERABLE
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb