Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Apr 2012 08:25:19 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: owl and openssh

Hi Daniel,

On Tue, Apr 17, 2012 at 05:45:09PM +0200, Daniel Cegie?ka wrote:
> Why Owl still uses the old version of OpenSSH? Does this have anything to
> do with PAM modules? Are you going to do in the near future updates to the
> current version of OpenSSH?

The version of OpenSSH currently in Owl is old by version number, but it
actually has backports of newer stuff, including all relevant security
fixes that we are aware of (and we kept watching for them).

No, this has almost nothing to do with PAM modules.

We should update OpenSSH before our next major release.  This task is
assigned to Dmitry V. Levin, but somehow he just does not manage to find
time for it lately.  The task is not trivial because we have patches,
some of which will need to remain in the updated package (e.g., the key
blacklisting).  The updated package may also need to be re-tested for a
variety of potential issues, such as timing leaks allowing for easy
username probing (an issue that we previously patched, but that might
not have been addressed upstream).

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ