Date:      Wed, 26 Jun 2002 14:39:58 -0400
From:      Bosko Milekic <bmilekic@unixdaemons.com>
To:        Jan Lentfer <Jan.Lentfer@web.de>
Cc:        FreeBSD Security Mailling List <freebsd-security@FreeBSD.ORG>
Subject:   Re: OpenSSH Security (just a question, please no f-war)
Message-ID:  <20020626143958.B43472@unixdaemons.com>
In-Reply-To: <1025116241.2817.2.camel@jan-linux.lan>; from Jan.Lentfer@web.de on Wed, Jun 26, 2002 at 08:30:41PM +0200
References:  <1025116241.2817.2.camel@jan-linux.lan>

On Wed, Jun 26, 2002 at 08:30:41PM +0200, Jan Lentfer wrote:
> Ok all,
> 
> I somewhat gave up to follow the OpenSSH conversation on the list. I
> have ONE question:

  I totally understand.

> I am now running 3.3p1 on all my boxes (FreeBSD & Linux) with Privilege
> Separation enabled. Is this configuration secure for now or not?
> Do I have to update to 3.4 as soon as it is in ports or can I take a few
> days until everything has settled and calmed a little?

  According to early reports, privsep should help you diminish the
  severity of the problem.  However, since you've already bit the
  bullet, you may as well move on up to 3.4, as that is the official
  version containing the fix.  It should be noted that from our
  interpretation, the version of OpenSSH shipping in -STABLE is /not/
  vulnerable to this attack, so there is less reason to panic.  However,
  just to be sure, if you already have the means and are well under way,
  move on up to 3.4.

> Regards,
> 
> Jan

-- 
Bosko Milekic
bmilekic@unixdaemons.com
bmilekic@FreeBSD.org

