FYI

http://cert.uni-stuttgart.de/archive/vulnwatch/2002/06/msg00035.html

There is a new version of OpenSSh for Raq3 and Raq4 on pkgmaster.com
The new version is OpenSSH 3.4p1-1.

"Customers can judge their vendors by how they respond to this issue." - He he... !

<<removed>>


OpenSSH-3.3p1
==============

Plattforms: RaQ3, RaQ4, RaQ XTR, RaQ550 and Qube3

Upgrades OpenSSH to version 3.3p1 which was released June 21 2002.


Anti-Virus-Suite:
==============

Plattforms: (NEW) RaQ550 and Qube3 / (OLD) RaQ3 and RaQ4

Installs Amavis and Kaspersky Labs personal Anti-Virus for Linux to scan all
inbound and outbound emails for virii. Infected emails will be stopped and
quarantined. Sender, Recipient and server admin will receive notification
when infected mails are intercepted.

Please note: The Qube3 version (only Qube3) also upgrades Sendmail to version
8.12.3 with Milter support for enhanced performance.

An XTR version is planned.


Blowchunks Module:
=================

Plattforms: All SUN/Cobalt RaQs and Qubes

All Apache versions prior to Apache-1.3.26 are vulnerable to the "chunked
encoding" attack with which an attacker can gain elevated privileges and
possibly root access.

Mr. Chris Bailiff released an Apache Module with which "chunked encoding"
attacks against Apache can be stopped and logged. This module can be
installed on any SUN/Cobalt RaQ to enhance its protection until SUN/Cobalt
releases a patch which fixes the problem.