Im using OpenSSH 4.0 p1 linked with zlib version less then 1.2.2 in a number
of systems. These are all production systems where I can't upgrade the
service. I have a question that if I disable the compression by setting
"compression no" in sshd_config, will I be able to overcome the Buffer
overflow vulnerability in zlib. I just glanced through the code and it seems
sshd is not affected if "compression no" is set. I would like to get inputs
from the list.

Senthil Kumar.

openssh-unix-dev mailing list