Hi,

Im using OpenSSH 4.0 p1 linked with zlib version less then 1.2.2 in a number
of systems. These are all production systems where I can't upgrade the
service. I have a question that if I disable the compression by setting
"compression no" in sshd_config, will I be able to overcome the Buffer
overflow vulnerability in zlib. I just glanced through the code and it seems
sshd is not affected if "compression no" is set. I would like to get inputs
from the list.

Thanks,
Senthil Kumar.


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev