OpenSSH security hole

Posted by: tman

OpenSSH security hole - 16/09/2003 11:42

If anybody uses OpenSSH then please go and read http://www.openssh.com/txt/buffer.adv
There's been a security hole discovered and you need to either patch the existing code or upgrade to 3.7.

Posted by: ricin

Re: OpenSSH security hole - 16/09/2003 11:47

HAH. I was just about to post something about that.

Posted by: ricin

Re: OpenSSH security hole - 16/09/2003 12:31

A lot of the mirrors don't have the latest 3.6 CVS snapshot or 3.7. So here's a few mirrors:
http://www.splaq.com/ssh/
http://www.maxinux.com/SSH/

Posted by: tman

Re: OpenSSH security hole - 16/09/2003 17:07

heh. I was going to post this earlier but I didn't have a proper write up for it.

The OpenSSH hole is annoying as hell. It means that everybody has to suddenly go out and patch/upgrade untold numbers of systems as normally the SSH port would be open.

If you've not got enough time then firewalling the SSH port and only allowing authorised IP addresses (static only though!) to connect should mitigate some of the risk but it's best to upgrade still.

Posted by: ricin

Re: OpenSSH security hole - 16/09/2003 17:15

> heh. I was going to post this earlier but I didn't have a proper write up for it.

Ditto. I didn't have the files up on the mirrors yet either.

> The OpenSSH hole is annoying as hell. It means that everybody has to suddenly go out and patch/upgrade untold numbers of systems as normally the SSH port would be open.
>
> If you've not got enough time then firewalling the SSH port and only allowing authorised IP addresses (static only though!) to connect should mitigate some of the risk but it's best to upgrade still.

Yep, big pain in the butt. Every one of my machines has SSH on it, eesh. So far I've got all but three of them patched/upgraded.

Posted by: tman

Re: OpenSSH security hole - 17/09/2003 07:50

Umm yeah... Even more of a pain... 3.7.1 is out and it fixes more bugs.

Posted by: ricin

Re: OpenSSH security hole - 17/09/2003 10:17

Grrr. I'm all for keeping up to date, but sometimes it's just really annoying.

Posted by: tman

Re: OpenSSH security hole - 23/09/2003 14:29

You're going to love this... 3.7.1p2 is out. There is a PAM bug in the portable version. The OpenBSD version is apparently fine.

Posted by: ricin

Re: OpenSSH security hole - 23/09/2003 14:34

Yeah. Thankfully I don't use PAM. Anyway, my mirror is up to date (the maxinux.com one isn't mine).
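
An added example, not part of any post in this thread: a small triage script for sorting SSH identification banners collected from your own hosts against the releases named above (3.7, 3.7.1, 3.7.1p2). The host names, banners and function names are constructed for illustration; the version thresholds come only from the thread.

```python
import re

# Releases named in the thread: 3.7, then 3.7.1, then 3.7.1p2 (portable only).
FIRST_FIX = (3, 7, 0)
SECOND_FIX = (3, 7, 1)
PORTABLE_PAM_FIX_LEVEL = 2

# Identification string, e.g. "SSH-1.99-OpenSSH_3.6.1p2"
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+(?:\.\d+)*)(?:p(\d+))?")

def parse_banner(banner):
    """Return (version_tuple, portable_level_or_None), or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    version = tuple(int(part) for part in m.group(1).split("."))
    version += (0,) * (3 - len(version))  # pad "3.7" to (3, 7, 0)
    level = int(m.group(2)) if m.group(2) else None
    return version, level

def classify(banner):
    """Map one banner to a triage label based on the releases in the thread."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "not-openssh"
    version, level = parsed
    if version < FIRST_FIX:
        return "upgrade: predates 3.7"
    if version < SECOND_FIX:
        return "upgrade: 3.7.1 fixes more bugs"
    if version == SECOND_FIX and level is not None and level < PORTABLE_PAM_FIX_LEVEL:
        return "upgrade: portable PAM bug, fixed in 3.7.1p2"
    return "current per thread"

def triage(banners_by_host):
    """Classify every host. A host patched in place keeps its old banner,
    so an 'upgrade' label means 'verify this host', not 'known vulnerable'."""
    return {host: classify(banner) for host, banner in banners_by_host.items()}

# Constructed sample inventory (not real hosts).
SAMPLE = {
    "web1": "SSH-1.99-OpenSSH_3.6.1p2",
    "db1": "SSH-2.0-OpenSSH_3.7",
    "mail1": "SSH-2.0-OpenSSH_3.7.1p1",
    "gw1": "SSH-2.0-OpenSSH_3.7.1p2",
    "bsd1": "SSH-2.0-OpenSSH_3.7.1",
    "misc1": "SSH-2.0-ExampleSSHD_1.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:6} {status}")
```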