Koozali.org: home of the SME Server

Manually update SSH flaw in 5.5?

toby

Manually update SSH flaw in 5.5?
« on: September 20, 2003, 07:36:14 AM »
Since 5.5 is no longer supported, can you manually apply patches for the SSH vulnerability if you have a number of machines that you are not yet in a position to upgrade? (A couple of our machines are on 5.5 due to issues with mirroring and the 845 chipset on 5.6, and I am not keen to go to 6.0u3.) I presume that, with the kernel also being a 2.2 variant, on 5.5 you could just run the following:

e-smith-openssh-1.8.1-02.noarch.rpm
openssh-3.7.1p1-1es2.i386.rpm
openssh-server-3.7.1p1-1es2.i386.rpm
openssh-clients-3.7.1p1-1es2.i386.rpm

If there are dependency issues, is there another way around it?

Toby

Chris Parker

Re: Manually update SSH flaw in 5.5?
« Reply #1 on: September 20, 2003, 01:24:33 PM »
I would be interested in this also :-)

Robert

Re: Manually update SSH flaw in 5.5?
« Reply #2 on: September 20, 2003, 04:08:57 PM »
Before you do anything else, disable external access to ssh if you haven't done so already. Then you can start thinking about your update options. I have no idea if the rpms you mention cause any dependency errors on 5.5, but you can find out by doing:
rpm -Uvh --test whatever
If there are dependency errors, your other option is to install the openssh updates for Red Hat 7.2. This does not require an update of e-smith-openssh, as configuration options should be compatible between minor version upgrades.

Chris Parker

Re: Manually update SSH flaw in 5.5?
« Reply #3 on: September 20, 2003, 07:05:20 PM »
I have killed my ext ssh already :-) I think I will wait for 6 final and then do the upgrade.

With regard to this vulnerability, if I were to enable ssh just for my IP at work, would I still be open to this vulnerability? I should be safe, shouldn't I?

Drew

Re: Manually update SSH flaw in 5.5?
« Reply #4 on: September 20, 2003, 07:26:58 PM »
I have 5.5 Update 3 installed, and I just downloaded the 4 files listed and ran 'rpm -Uvh *.rpm' against that folder. I did not get any dependency errors. I restarted the ssh daemon and then checked if everything seemed to be working. It does. So I don't know why these ssh updates can't be run against 5.5 systems. Am I missing something here?

Toby

Re: Manually update SSH flaw in 5.5?
« Reply #5 on: September 22, 2003, 11:29:10 AM »
I'll have a go also and let you know how I go. I left SME ssh open and locked the port on my Cisco router in the interim, Chris... had no real plan to advertise myself on a forum and then leave it open ;-)