According to the Debian Security Mailing list, more vulnerabilities
related to the one announced yesterday have been discovered. While the
new vulnerabilities have not yet been exploited, it is just a matter of
time since there is a working exploit for the original. Updated package
are available in security for Woody and in the main repository for Sarge
and Sid.
In addition to Unix systems, make sure that you have updated your
routers and other network gear that uses SSH. According to Theo de
Raadt: "every single hp and cisco switch containing this code
is likely vulnerable". If you can't update them yet, firewall port 22
to allow only known hosts.
--
Chris Lewis
shadow@digitalnirvana.com
----------------------------------------
If it compiles, it is good, if it boots up it is perfect.
- Linus Torvalds
----------------------------------------
(text/plain)