Anyone with this Openssh issue too ?

[cass]

Every update I get ...

....
nss_ldap is up to date
Downloading openssh-3.1p1-6.i386.rpm
Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
1p1-6.i386.rpm
Preparing... ########################################### [100%]
package openssh-3.3p1-1 (which is newer than openssh-3.1p1-6) is already insta
ed
Downloading openssh-clients-3.1p1-6.i386.rpm
Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
ients-3.1p1-6.i386.rpm
Preparing... ########################################### [100%]
package openssh-clients-3.3p1-1 (which is newer than openssh-clients-3.1p1-6)
already installed
Downloading openssh-server-3.1p1-6.i386.rpm
Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
rver-3.1p1-6.i386.rpm
Preparing... ########################################### [100%]
package openssh-server-3.3p1-1 (which is newer than openssh-server-3.1p1-6) is
lready installed
openssl is up to date
openssl-devel is up to date
...
...

Is this bad ? ...
So I have 3.3 installed ... why dont cpanel update to 3.3 the servers?
I want to know ... if I need to downgrade for any reason or so...

anyone?
Thakns!

 

[H2Hosting.com]

edited

 

[H2Hosting.com]

edited

 

[itf]

[quote:252d38a266][i:252d38a266]Originally posted by cass[/i:252d38a266]

Every update I get ...

....
nss_ldap is up to date
Downloading openssh-3.1p1-6.i386.rpm
Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
1p1-6.i386.rpm
Preparing... ########################################### [100%]
package openssh-3.3p1-1 (which is newer than openssh-3.1p1-6) is already insta
ed
Downloading openssh-clients-3.1p1-6.i386.rpm
Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
ients-3.1p1-6.i386.rpm
Preparing... ########################################### [100%]
package openssh-clients-3.3p1-1 (which is newer than openssh-clients-3.1p1-6)
already installed
Downloading openssh-server-3.1p1-6.i386.rpm
Retrieving http://updates.cpanel.net/pub/rpmup/redhat/7.3/x86/updates/openssh-
rver-3.1p1-6.i386.rpm
Preparing... ########################################### [100%]
package openssh-server-3.3p1-1 (which is newer than openssh-server-3.1p1-6) is
lready installed
openssl is up to date
openssl-devel is up to date
...
...

Is this bad ? ...
So I have 3.3 installed ... why dont cpanel update to 3.3 the servers?
I want to know ... if I need to downgrade for any reason or so...

anyone?
Thakns!

[/quote:252d38a266]
Red Hat has patched Open SSH 3.1p1 and offered their own builds:
They usually patch stable releases of softwares and after a lot of tests and reviewing codes they modify softwares and follow this policy; &latest is not the best always& stability and security are their goals. This is why they usually offer their builds.

You are not vulnerable if you use these builds:


Red Hat 7.0 and 7.1:
openssh-3.1p1-5
openssh-clients-3.1p1-5
openssh-server-3.1p1-5

Red Hat 7.2 and 7.3:
openssh-3.1p1-6
openssh-clients-3.1p1-6
openssh-server-3.1p1-6

Then Canel installs the latest Red Hat builds and you have installed 3.3 manually from a non-Red Hat source, because as the date of this post Red Hat hasn't offered OpenSSH 3.3 RPM release

You can remove 3.3 manually and use /scripts/upcp

 

[itf]

duplicated post, see above

 

[cass]

Well... I have RedHat 7.3, and I have not installed any &non-rpm& openssl.
If it's installed has to be an RPM.

but well... can be something from the apt-get but is an RPM sure.

Thanks for your info.

 

[itf]

[quote:c774e7bea0][i:c774e7bea0]Originally posted by cass[/i:c774e7bea0]

Well... I have RedHat 7.3, and I have not installed any &non-rpm& openssl.
If it's installed has to be an RPM.

but well... can be something from the apt-get but is an RPM sure.

Thanks for your info.
[/quote:c774e7bea0]

What I wrote is:
&…Cpanel installs the latest Red Hat builds and you have installed 3.3 manually from a non-Red Hat source, because as the date of this post Red Hat hasn't offered OpenSSH 3.3 RPM release&

apt-get is not official site of Red Hat also Red Hat hasn't offered OpenSSH 3.3 RPMs, also &...have installed 3.3 manually from a non-Red Hat source& means Cpanel hasn't installed it and you manually installed another software either RPM package or tar.gz, it doesn't matter.

RPM is a packaging tool for softwares in Red Hat Linux and RPM releases could be generated by any source but we are talking about Red Hat RPMs. It means if you see an RPM release, it doesn't mean that it is offered by Red Hat, [b:c774e7bea0]Red Hat RPM Packages have Red Hat's Signature and are offered via Red Hat official web site or its mirrors or Distribution packages[/b:c774e7bea0]