Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)

From: Darren Tucker (dtuckerat_private)
Date: Wed Apr 30 2003 - 01:29:28 PDT

Next message: Michael -: "re:Latest MS SQL Server vulnerabilities revealed"

Previous message: Conectiva Updates: "[CLA-2003:633] REVISED: Conectiva Security Announcement - glibc"
In reply to: Damien Miller: "Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Damien Miller wrote:
> 1. Systems affected:
>         Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected
>         if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).

Hi All.

	For the last year or so I've published OpenSSH binary packages for AIX at
[1].

	I would like to advise all users of these packages that all versions up
to and including the 3.6.1p1 version *are* affected by this and have been
removed.

	A patched version (3.6.1p1-1) is available which addresses this issue.  I
urge all users of these packages to upgrade or apply the workaround
immediately.

		-Daz.

[1] http://www.zip.com.au/~dtucker/openssh/

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Next message: Michael -: "re:Latest MS SQL Server vulnerabilities revealed"
Previous message: Conectiva Updates: "[CLA-2003:633] REVISED: Conectiva Security Announcement - glibc"
In reply to: Damien Miller: "Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 01 2003 - 13:41:27 PDT