See http://news.zdnet.com/2100-9595_22-303182.html Apparently all versions under 5.2 (released back in February 23rd) are vulnerable.
OpenSSH is at 5.1p1-3.fc10 in the Fedora repos. Don't see 5.2 even in updates-testing. When will it become available?
On Thu, May 21, 2009 at 03:46:56PM -0700, Konstantin Svist wrote:
See http://news.zdnet.com/2100-9595_22-303182.html Apparently all versions under 5.2 (released back in February 23rd) are vulnerable.
OpenSSH is at 5.1p1-3.fc10 in the Fedora repos. Don't see 5.2 even in updates-testing. When will it become available?
File this as a bug, please. I see that the F-11 package has a patch that seems to address this problem.
On Thu, May 21, 2009 at 15:46:56 -0700, Konstantin Svist fry.kun@gmail.com wrote:
See http://news.zdnet.com/2100-9595_22-303182.html Apparently all versions under 5.2 (released back in February 23rd) are vulnerable.
OpenSSH is at 5.1p1-3.fc10 in the Fedora repos. Don't see 5.2 even in updates-testing. When will it become available?
Unless you are using automated reconnection after broken connections this attack isn't a big deal. It's not like you aren't going to notice someone trying it for normal interactive sessions.
-
Bruno Wolff III -
Konstantin Svist -
Paul W. Frields