From owner-freebsd-security@FreeBSD.ORG Thu Apr 17 06:22:08 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3D729106564A for ; Thu, 17 Apr 2008 06:22:08 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.freebsd.org (Postfix) with ESMTP id DECF88FC0A for ; Thu, 17 Apr 2008 06:22:06 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.5) with SMTP id QAA28457 for ; Thu, 17 Apr 2008 16:07:57 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Thu, 17 Apr 2008 16:07:56 +1000 (EST) From: Ian Smith To: freebsd-security@freebsd.org In-Reply-To: <200804170014.m3H0Et3m028277@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2008 06:22:08 -0000 On Thu, 17 Apr 2008, FreeBSD Security Advisories wrote: > IV. Workaround > > Disable support for IPv6 in the sshd(8) daemon by setting the option > "AddressFamily inet" in /etc/ssh/sshd_config. > > Disable support for X11 forwarding in the sshd(8) daemon by setting > the option "X11Forwarding no" in /etc/ssh/sshd_config. It's not quite clear from this whether both workarounds are required, or just either one, until upgrading? cheers, Ian