Hi,
I'm wondering if anybody could enlighten me about the effect of tracking
RELENG?
When the Openssh advisory came out (SA-03:12) I allowed a few days for all
issues to get ironed out and then used CVSUP to rebuild my boxes with
RELENG_4_7 or RELENG_4_8 (as appropriate). The advisory says that the
problem with OpenSSH is fixed by 4.7-RELEASE-p16 and a 'uname -a' of one
of
my 4.7 boxes shows it as being 4.7-RELEASE-p21
However, a '/usr/sbin/sshd -\?' shows the version of OpenSSH running as
being OpenSSH_3.4p1. Scanning the box with Nessus warns of the security hole
associated with versions of OpenSSH prior to 3.7.1p2 and warned about in
SA-03:12
So, ms question is, am I actually covered by 4.7-RELEASE-p21 and Nessus is
giving a false positive, or am I still potentially vulnerable?
Regards,
Steve.
***** CONFIDENTIALITY & SECURITY DISCLAIMER *****
Please note the contents of this e-mail do not necessarily represent the
policies or views of St Martins College. This e-mail message and any
attachments may contain confidential information and should only be accessed
by the intended recipient. If they have come to you in error please advise
the sender by replying to this email and copy your reply to
postmaster@ucsm.ac.uk. In this circumstance you must not disclose, copy,
distribute, use or rely on this email and you should permanently delete it.
Security Warning: Please note that this e-mail has been created in the
knowledge that Internet e-mail is not a 100% secure communications medium.
It is advised that you understand and observe this lack of security when
emailing us.
Viruses: Although we have taken steps to ensure that this email and
attachments are free from any virus, we cannot accept responsibility for
email once it has left us. You should ensure that you have a suitable anti
virus system in place and check the email upon receipt.