The patch for Debian Woody is already available.
> openssh (1:3.4p1-1.1) stable-security; urgency=high
>
> * NMU by the security team.
> * Merge patch from OpenBSD to fix a security problem in buffer
> handling
>
> -- Wichert Akkerman <wakkerma@debian.org> Tue, 16 Sep 2003 13:06:31
> +0200
Make sure you have the following line and then apt-get update, apt-get
install.
> deb http://security.debian.org/ woody/updates main
Austin Godber wrote:
> See slashdot. There doesn't seem to be a public exploit. There is a new
> version released:
>
> ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz
>
> Also be warned of other possibilities:
> "every single hp and cisco switch containing this code
> is likely vulnerable" -Theo
>
> From Full disclosure email list.
--
Chris Lewis
shadow@digitalnirvana.com
----------------------------------------
If it compiles, it is good, if it boots up it is perfect.
- Linus Torvalds
----------------------------------------
(text/plain)