View Single Post
  #1   (View Single Post)  
Old 8th February 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default OpenSSH 5.8 addresses legacy certificate signing vulnerability

From http://www.h-online.com/security/new...y-1184503.html

Quote:
Less than two weeks after OpenSSH 5.7 arrived, the OpenSSH development team has released version 5.8 / 5.8p1 of its open source SSH (Secure Shell) implementation. According to the developers, the latest update addressees a legacy certificate signing vulnerability that was introduced in OpenSSH 5.6 which could lead to "leaking confidential information". Users that are unable to update to the latest release are advised to avoid generating legacy certificates using OpenSSH 5.6 or 5.7 - legacy certificates are requested by using the "-t" command line option on the ssh-keygen.)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote