From owner-freebsd-questions  Wed Oct 25  8: 4:15 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from web802.mail.yahoo.com (web802.mail.yahoo.com [128.11.23.62])
	by hub.freebsd.org (Postfix) with SMTP id A923237B4C5
	for <freebsd-questions@FreeBSD.ORG>; Wed, 25 Oct 2000 08:04:12 -0700 (PDT)
Received: (qmail 20438 invoked by uid 60001); 25 Oct 2000 15:04:11 -0000
Message-ID: <20001025150411.20437.qmail@web802.mail.yahoo.com>
Received: from [212.124.86.132] by web802.mail.yahoo.com; Wed, 25 Oct 2000 08:04:11 PDT
Date: Wed, 25 Oct 2000 08:04:11 -0700 (PDT)
From: Zvezdelin Vladov <zvezdi_v@yahoo.com>
Subject: OpenSSH Upgrade Problems! ( Security related)
To: freebsd-questions@FreeBSD.ORG, green@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello!

I have tried few times to 
cvsup the cvs-crypto group of sources
where openssh lies in. 

I am running FreeBSD-4.x-stable,
last update made around 15 october.
Precompiled OK.

Still, just today found out that
I am running the old openssh, with
few SECURITY related BUGS.

I can't update it to the 2.2.x version 
as the web of openssh.com states.

I can't update it through the /usr/ports
subsystem too. There is the old version.

As stated on the
http://www.openbsd.org/errata.html#format_strings
QUOTE:

028: SECURITY FIX: Oct 6, 2000
There are printf-style format string bugs in several
privileged programs. 

Those are updated in the 2.2.x version.


Still, on the cvs by web from freebsd.org looks
like it (the 2.2.x) has been imported 2/3 days
after the OpenBSD folks changed the bugs.

I can't get one thing. Is this fixed for -current
only?

Just found out by the advisory from openbsd, following
the link above, and went to download the "portable"
version to update my openssh.

Cvsup to internat.freebsd.org says:
cvs-crypto: no such collection.

Commenting-out cvs-crypto and pointing by
src-secure
src-....
etc. didn't work. Not even on any other
cvsup server. (have tried both with 4.x-stable
4.x-secure-stable) and most of the uk's cvsup servers.

Comments?
Yours,
Zvezdelin Vladov


__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message