Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Sep 2003 12:16:29 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Johannes Angeldorff <johannes@smartnet.se>
Cc:        ports@freebsd.org
Subject:   Re: FreeBSD Port: openssh-3.6.1
Message-ID:  <20030918111629.GA59821@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <a05200f22bb8f3d276060@[192.168.0.3]>
References:  <a05200f22bb8f3d276060@[192.168.0.3]>
next in thread | previous in thread | raw e-mail | index | archive | help 

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 18, 2003 at 12:49:21PM +0200, Johannes Angeldorff wrote:
> Dear dinoex,
>=20
> We use OpenSSH on our FreeBSD servers.
>=20
> Today I saw this new insecurity at Cert:
> http://www.cert.org/advisories/CA-2003-24.html
>=20
> My question: When will OpenSSH 3.7.1 be available in Ports?
>=20
> Do you recommend installing it before it is available in Ports?

Please read the FreeBSD advisory at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.=
asc

All release branches since RELENG_4_3, as well as 4-STABLE and
5-CURRENT, and both openssh ports were patched between 14:46 and 16:25
UTC on 17th September.  This includes the vulnerabilities covered by
the second revision of the advisory from OpenSSH
(http://www.openssh.com/txt/buffer.adv)

As we're officially in the ports freeze before the release of 4.9 it's
quite likely that the full update to 3.7.1p1 won't happen until the
freeze has been lifted.  However, since the release has been put back
a few weeks, portmgr@ might see fit to permit the update sooner.

In any case, so long as you update your system or ports to the latest
available, you're covered against the vulnerability.  No further
action need be taken.  There's no need to switch to the ports version
of openssh from the base system version, or vice versa on account of
this problem.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--OXfL5xGRrasGEqWY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/aZQNdtESqEQa7a0RAjjjAKCVN26Id11eIqRCc9WqdPdgDB9wTwCcDuLc
bcdNAAUm6IcdEMzdsJwSXu0=
=f24s
-----END PGP SIGNATURE-----

--OXfL5xGRrasGEqWY--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030918111629.GA59821>