
[opensuse-security] openSSH, 11.3 and CVE-2011-0539

We failed a PCI-DSS compliance test because the version of OpenSSH for 11.3
doesn't have the fix for CVE-2011-0539. In fact, there hasn't been any update
to OpenSSH for 11.3 since Jun 2010.

I can see that the fix is in the version in factory. The change log has:

- Update to 5.8p1
 * Fix vulnerability in legacy certificate signing introduced in
   OpenSSH-5.6 and found by Mateusz Kocielski.

which looks like the fix for CVE-2011-0539.

Two questions:

1/ Is there any reason why this fix hasn't been ported to 11.3?

2/ Any reason why I might have problems taking the factory source and building 
it for myself?

Paul Reeves