Summary: | OpenSSH 3.7p1 fixes potential security problem | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | fbusse |
Component: | New packages | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | avenj, carlo, hardened, lcars, nacka-gentoobugs, narada.sage, phosphan, raimund, torgeir |
Priority: | Highest | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://article.gmane.org/gmane.network.openssh.announce/17 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 28927 |
Description
fbusse
2003-09-16 05:39:51 UTC
There's already a new archive up at ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz. A simple version bump should be enough to get that version out in Portage (works perfectly here). Blizzy! long time no see ;) Too bad their ftp site is overloaded ATM :/ http://wh0rd.de/gentoo/distfiles/openssh-3.7p1.tar.gz ... i'll scp it to dev.gentoo.org to get to our mirrors even faster :D hardened: you guys are gonna wanna update the selinux patch for this :) !!! Couldn't download openssh-3.7p1+x509g2.diff.gz. Aborting. The patch isn't available and is commented out in the ebuild, but Portage 2.0.49-r3 still tries to fetch it!? I have -selinux in my use flags and when doing an ebuild openssh-3.7_p1.ebuild fetch unpack compile. It would die a really bad death this SRC_URI fix/workaround should be added to portage shortly. - selinux? http://lostlogicx.com/gentoo/openssh_3.6p1-5.se1.diff.bz2" + selinux? ( http://lostlogicx.com/gentoo/openssh_3.6p1-5.se1.diff.bz2 )" I'm guessing this will still fail to build correctly for people using selinux. I'm adding pebenito@g.o directly to the CC list in case he did not get/see this bug already. i added () to all SRC_URIs for sake of completeness pebenito already knows ... i talked to him on irc about this ... as it stands now, 3.7 has been masked in selinux profiles I dont think this should of marked stable reguardless of of any security problems. repoman --pretend scan shows us.. DEPEND.bad 1 net-misc/openssh/openssh-3.7_p1.ebuild: ['app-admin/skey'] RDEPEND.bad 1 net-misc/openssh/openssh-3.7_p1.ebuild: ['app-admin/skey'] Already fixed in CVS. Also very few people have skey in USE anyway. It's a local flag. This package is in stable but fails to emerge. I will post bug once I have captured output. The issue of openssh 3.7_p1 failing to compile has been filed on bug 28909. Any help would be appreciated as this is a critical security update. openssh-3.7.1_p1 just hit the stores.. Anybody care to bump? SpanKY? already done :) just need GLSA GLSA has been sent for this version |