Saturday, April 5, 2008

Security Fix : OpenSSH

A new advisories has been released for OpenSSH package which is now upgraded to 5.0. Along with this are update to mercurial and mkinitrd and also inclusion of dbus-python. Here's the latest -Current changelog:
Fri Apr 4 13:47:24 CDT 2008
a/mkinitrd-1.3.2-i486-1.tgz: Patched to fix problems with previous settings getting overwritten with a plain "mkinitrd", and added support for non-US keyboards. Thanks to Eric Hameleers.

d/mercurial-1.0-i486-1.tgz: Upgraded to mercurial-1.0.

l/dbus-python-0.82.4-i486-1.tgz: Added dbus-python-0.82.4, which is needed for the correct operation of hplip. Thanks to Robby Workman.

n/openssh-5.0p1-i486-1.tgz: Upgraded to openssh-5.0p1.
This version fixes a security issue where local users could hijack forwarded X connections. Upgrading to the new package is highly recommended.
For more information on this security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
(* Security fix *)

usb-and-pxe-installers/initrd.img. Removed. Use the initrd.img from isolinux/ as the installer images had become identical. Also see Eric Hameleers' updated README_PXE.TXT.