Date: Wed, 25 Oct 2000 08:04:11 -0700 (PDT) From: Zvezdelin Vladov <zvezdi_v@yahoo.com> To: freebsd-questions@FreeBSD.ORG, green@freebsd.org Subject: OpenSSH Upgrade Problems! ( Security related) Message-ID: <20001025150411.20437.qmail@web802.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Hello! I have tried few times to cvsup the cvs-crypto group of sources where openssh lies in. I am running FreeBSD-4.x-stable, last update made around 15 october. Precompiled OK. Still, just today found out that I am running the old openssh, with few SECURITY related BUGS. I can't update it to the 2.2.x version as the web of openssh.com states. I can't update it through the /usr/ports subsystem too. There is the old version. As stated on the http://www.openbsd.org/errata.html#format_strings QUOTE: 028: SECURITY FIX: Oct 6, 2000 There are printf-style format string bugs in several privileged programs. Those are updated in the 2.2.x version. Still, on the cvs by web from freebsd.org looks like it (the 2.2.x) has been imported 2/3 days after the OpenBSD folks changed the bugs. I can't get one thing. Is this fixed for -current only? Just found out by the advisory from openbsd, following the link above, and went to download the "portable" version to update my openssh. Cvsup to internat.freebsd.org says: cvs-crypto: no such collection. Commenting-out cvs-crypto and pointing by src-secure src-.... etc. didn't work. Not even on any other cvsup server. (have tried both with 4.x-stable 4.x-secure-stable) and most of the uk's cvsup servers. Comments? Yours, Zvezdelin Vladov __________________________________________________ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001025150411.20437.qmail>