Date: Wed, 26 Jun 2002 10:41:06 -0700 (PDT) From: Ray Gilstrap <ratogi@soe.ucsc.edu> To: freebsd-stable@FreeBSD.ORG Subject: Re: OpenSSH Message-ID: <20020626103000.B43537-100000@ratogi.arc.nasa.gov> In-Reply-To: <20020626171500.GS1961@beastie.datatrade.off>
next in thread | previous in thread | raw e-mail | index | archive | help
here's what i just learned from http://openssh.org/txt/preauth.adv and http://openssh.org/txt/iss.adv: 1. openssh 2.9 and earlier aren't affected. 2. if you are running a vulnerable version, turning off ChallengeResponseAuthentication will also immunize you. 3. openssh 3.4 was released today, containing a fix for this and a check for another "class of potential bugs." ~r To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020626103000.B43537-100000>