looks like more trouble with openssh.

This time its the portable code, PAM it seems. If you are running OpenBSD and are patched you are safe. If you are running anything else and just patched, time to patch again...

http://www.securityfocus.com/archive/121/338617

and

http://www.securityfocus.com/archive/121/338616

{K}

I just saw this and was like..wooooooo

This time its the portable code, PAM it seems. If you are running OpenBSD and are patched you are safe. If you are running anything else and just patched, time to patch again...

As long as im up to date with all the latest patches for 3.3, I should be alright?

[code:1:c5cf293bd0]$ ssh -V
OpenSSH_3.7.1, SSH protocols 1.5/2.0, OpenSSL 0.9.7-beta3 30 Jul 2002
[/code:1:c5cf293bd0]

Tarballed

As long as im up to date with all the latest patches for 3.3, I should be alright?


This warning and patch is for the portable code, so every other OS using the portable version, but not OpenBSD, as it does not use portable. OpenBSD is safe from the warning above. With the 3.7.1 you should be fine. At least as far as I know...

{K}

Well looks like a new addition to /usr/src/UPDATING

saying p7 for openssh pam module..

though the sources are not on the cvsup server we know it's on it's way..

hows this for a heads up.. before the fbsd announcement..

*UPDATE**
ssh sources are there now