Am 07.07.2009 um 22:31 schrieb Geoff Galitz: > > > >> is there a security issue on CentOS 5.3 with openssh 4.3? > > If this is a real zero-day exploit.. then yes, there is an issue. The > following link may be the best source of information at the moment: > > http://isc.sans.org/diary.html?storyid=6742 > > > FWIW, I think the second comment about RHEL/Centos in the referenced > post is > a little off-base. After all, you have to know that a bug exists > before you > can fix it. Well, there are usually behind-the-scenes communications between various vendors to get security-relevant bugs fixed in a coordinated fashion. This community is very small and closely knit - few stuff (if at all) spills out before it should. So, there might be fixes waiting to be released, too. We just don't know. Unless it's a real 0day. Those are rare, though ;-) Rainer