Here's an update with regard to the apache and openssh vulnerabilities for users of the unofficial Alpha port of SME 5.1.2 in response to Mitel's updates of these packages.
1. Apache
Mitel's security update for apache (apache-1.3.22-6es1) is identical to the update I released and announced here earlier (apache-1.3.22-5.7.1rvda) and which can be found on http://www.robert2.dds.nl/howtos/alpha-howto.html, with the important difference that I hadn't done any extensive testing on it. Apache-1.3.22-5.7.1rvda can now be considered the official apache security update for SME Alpha, or at least as official as it gets for an unofficial, unsupported port. Update now if you haven't already.
2. Openssh
All the reports I've read strongly suggest that the openssh vulnerabilities are not even remotely exploitable on systems running SME 5.1.2 for Alpha (or x86 for that matter), because:
a. some of the exploitable code is not included in Linux binaries, and
b. the other exploitable code is disabled in the configuration.
However, since I appreciate that people get a warm and fuzzy feeling from applying "security updates", it is suggested that users of SME Alpha update to the RedHat 7.1 Alpha errata packages for openssh, openssh-clients, and openssh-server.
Regards,
Robert van den Aker