OpenSSH 5.8 addresses legacy certificate signing vulnerability
From http://www.h-online.com/security/new...y-1184503.html
Quote:
Less than two weeks after OpenSSH 5.7 arrived, the OpenSSH development team has released version 5.8 / 5.8p1 of its open source SSH (Secure Shell) implementation. According to the developers, the latest update addressees a legacy certificate signing vulnerability that was introduced in OpenSSH 5.6 which could lead to "leaking confidential information". Users that are unable to update to the latest release are advised to avoid generating legacy certificates using OpenSSH 5.6 or 5.7 - legacy certificates are requested by using the "-t" command line option on the ssh-keygen.)
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|