[CentOS] openssh rpm version greater than 4.3

Wed Aug 3 21:17:36 UTC 2011
Vinay Nagrik <vnagrik at gmail.com>

Hello Team,

We ship our own software on top of Centos 5.2 OS and install other
applications and rpms on top of rpms available in 5.2 Centos.

We are in the process of upgrading to a later version of openssh (5.8
version of openssh is already available), however the latest src.rpm version
of openssh available on Centos site is still

openssh-4.3p2-72.el5_6.3.src.rpm<http://oss.oracle.com/el5/SRPMS-updates/openssh-4.3p2-72.el5_6.3.src.rpm>


Which is a 4.3 and not anything in 5.x.

The reason we want to do it is because there are many vulnerabilities in older
versions of openssh.  A few are listed below.

- A signal handler race condition in OpenSSH before Version 4.4 can be
  exploited to cause a crash, and possibly execute arbitrary code if GSSAPI
  authentication is enabled, via unspecified vectors that lead to a
  double-free. (CVE-2006-50

- A denial of service vulnerability exists in sshd in OpenSSH before
  Version 4.4, when using the SSH protocol Version 1, because it does not
  properly handle duplicate incoming blocks. This can be exploited by a
  remote attacker to cause sshd to consume a large quantity of CPU
  resources. (CVE-2006-4924)

- OpenSSH is prone to a plain text recovery attack. The issue is in the SSH
  protocol specification itself and exists in Secure Shell (SSH) software
  when used with CBC-mode ciphers.

- OpenSSH is prone to a vulnerability that allows attackers to hijack
  forwarded X connections. Successfully exploiting this issue may allow an
  attacker to run arbitrary shell commands.

These are only some of the issues and they are fixed in versions 5.2 or
later.

We work with openssh src.rpm and we are interested in getting a version 5.2
or greater src.rpm from Centos. I tried compiling these rpms from openssh
source, but was unsuccessful.

Can anyone throw some light as to where I can get it or request it, which
will work with other centos rpms?

thanks in advance

Thanks

Nagrik