It's become a busy week for *Nix sysadmins with the release of patches over the last few days to resolve vulnerabilities with popular applications including Sendmail, openSSH and DB2.
Those *Nix techies enjoying a sense of schadenfreude as their Windows sysadmin colleagues toiled to defend Windows systems against Blaster, Sobig, Nachi et all over the last month now have some work on their hands.
First, users of the popular OpenSSH security package need to upgrade to version 3.7.1 because of a buffer overflow flaw.
The vulnerability could allow an attacker to corrupt heap memory and trigger a denial-of-service condition. "It may also be possible for an attacker to execute arbitrary code," security clearing house CERT warns. CERT's advisory contains a links to patches from software distros that contain OpenSSH code and to OpenSSH project's own update.
