Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 16 Dec 2006 20:55:25 -0800
From:      Christopher Cowart <ccowart@rescomp.berkeley.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: openssh security issues
Message-ID:  <20061217045525.GF15871@rescomp.berkeley.edu>
In-Reply-To: <20061217034739.GF16906@tigger.digitaltorque.ca>
References:  <20061217034739.GF16906@tigger.digitaltorque.ca>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

--B8ONY/mu/bqBak9m
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 16, 2006 at 10:47:39PM -0500, Michael P. Soulier wrote:
> So, portaudit keeps complaining about openssh, but when I try to upgrade.=
=2E.
>=20
> [msoulier@kanga ~]$ sudo portupgrade -R openssh
> [Updating the pkgdb <format:bdb1_btree> in /var/db/pkg ... - 207 packages
> found (-1 +1) (...). done]
> --->  Upgrading 'openssh-3.6.1_5' to 'openssh-3.6.1_6' (security/openssh)
> --->  Building '/usr/ports/security/openssh'
> =3D=3D=3D>  Cleaning for openssh-3.6.1_6
> =3D=3D=3D>  openssh-3.6.1_6 has known vulnerabilities:
> =3D> openssh -- multiple vulnerabilities.
>    Reference:
> <http://www.FreeBSD.org/ports/portaudit/32db37a5-50c3-11db-acf3-000c6ec77=
5d9.html>

This says it only affects SSH Protocol version 1. If you only use
version 2 or you're not too concerned, you could do:=20
$ sudo portupgrade -m DISABLE_VULNERABILITIES=3Dyes -R openssh

> =3D> Please update your ports tree and try again.
> *** Error code 1
>=20
> Stop in /usr/ports/security/openssh.
> ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.206=
85.0
> env UPGRADE_TOOL=3Dportupgrade UPGRADE_PORT=3Dopenssh-3.6.1_5
> UPGRADE_PORT_VER=3D3.6.1_5 make
> ** Fix the problem and try again.
> ** Listing the failed packages (*:skipped / !:failed)
>         ! security/openssh (openssh-3.6.1_5)    (unknown build error)
> --->  Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed
>=20
> So, before bothering the port maintainer, is there a standard place to lo=
ok
> for a status update on this kind of thing?
>=20
> Thanks,
> Mike
> --=20
> Michael P. Soulier <msoulier@digitaltorque.ca>
> "Any intelligent fool can make things bigger and more complex... It
> takes a touch of genius - and a lot of courage to move in the opposite
> direction." --Albert Einstein



--=20
Chris Cowart
Network and Infrastructure Systems Administrator
RSSP-IT, UC Berkeley
"May all your pushes be popped"

--B8ONY/mu/bqBak9m
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFFhM29V3SOqjnqPh0RAp9VAKCv28lVFoEWvtaFjEkP8yv7cebWiwCeMFl0
s+voFFBHwk2c+Qj1LWbD3k4=
=PdO7
-----END PGP SIGNATURE-----

--B8ONY/mu/bqBak9m--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20061217045525.GF15871>