{"id":19,"date":"2003-09-17T00:32:09","date_gmt":"2003-09-16T23:32:09","guid":{"rendered":"http:\/\/wp.devco.net\/?p=19"},"modified":"2009-10-09T17:35:40","modified_gmt":"2009-10-09T16:35:40","slug":"openssh_vulnerability","status":"publish","type":"post","link":"https:\/\/www.devco.net\/archives\/2003\/09\/17\/openssh_vulnerability.php","title":{"rendered":"OpenSSH Vulnerability"},"content":{"rendered":"

I first got word of the OpenSSH<\/a> vulnerability via Barry’s mention of it<\/a>. I updated my FreeBSD<\/a> machines quite quickly thanks to their excellent security team.
\nWhen it came to
RedHat<\/a>, of course, it was a mess.<\/p>\n


\nRedHat has stopped maintaining older versions of their distributions; they seem to think customers can afford to redeploy all machines every 6 months – which means a full reinstall due to their flawed upgrade procedure.
\nSo I had to backport. I got the latest SRPM from the RedHat 9 advisory and tried to build it; after installing all the needed -devel RPMs it still failed. On further investigation I found that the
PAM<\/a> package as supplied by RedHat has changed. The initial package that came with my version of RedHat included the header files in the normal PAM package. Later on they provided a security fix for PAM and this did not include the header files; instead it builds a -devel package. Furthermore, they did not supply the -devel RPM as part of the later update.
\nThere was absolutely no indication of this requirement in the actual RPM; its ‘requires’ list did not include pam-devel at all.
\nTo get around this I had to rebuild PAM with the appropriate options to produce a -devel RPM (it does not do so by default) and proceeded from there. Once I got around this it was smooth sailing, and I now have a nice up-to-date RPM package for my ancient RedHat.
\nThis is not the first time RedHat has done something as incredibly stupid as this; the recent
IPTables<\/a> update did something similar by all of a sudden having more requirements to install than the version it replaces, so I had to go and find what it required manually – effectively breaking my automated updates tracking.
\nRedHat is just not ready for use in the real world.
\nOn the lighter side, I noticed
this<\/a> really funny yet appropriate posting on BugTraq.
\nRelated Links:
\nMy previous
experiences with RPM<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

I first got word of the OpenSSH<\/a> vulnerability via Barry’s mention of it<\/a>. I updated my FreeBSD<\/a> machines quite quickly thanks to their excellent security team.
\nWhen it came to
RedHat<\/a>, of course, it was a mess.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","footnotes":""},"categories":[1],"tags":[39,63],"_links":{"self":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts\/19"}],"collection":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":1,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"predecessor-version":[{"id":926,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts\/19\/revisions\/926"}],"wp:attachment":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}