Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Vulnerabilities in Portable OpenSSH

Posted by michael on from the will-get-it-right-eventually dept.

An anonymous reader writes "The OpenSSH team has uncovered multiple exploitable vulnerabilities in the days-old portable release of OpenSSH. That's right folks: time to patch *again*. 3.7.1p2 is now available. Instructions and mirror list here. Please note that this vulnerability only affects *portable* OpenSSH--so if you are running OpenBSD, you're safe. This vulnerability apparently has to do with PAM, so you can use the 'UsePam no' option in your config file. Info on the advisory here and here."

1 of 324 comments (clear)

  1. Re:A solution? by Corgha · · Score: 2, Troll

    The PAM support in that version of portable OpenSSH is broken, anyway. They ripped the old PAM support out and replaced it with something half-done.

    That's why I backported the security patches, instead of upgrading. Now I'm glad that I did.