 
From: Buki (devnull.cz)
Date: Tue Jul 02 2002 - 09:12:50 CDT


    On Tue, Jul 02, 2002 at 08:47:37AM -0400, Peter Brezny wrote:
    > I've been trying to get clear on whether or not freebsd-stable (4.6-STABLE
    > FreeBSD 4.6-STABLE #0: Sat Jun 29 00:37:13 EDT 2002) has resolved the
    > problem listed in CA-2002-18 from CERT.
    >
    > It doesn't appear so since it's running Openssh_2.9 and
    > http://openssh.org/txt/preauth.adv clearly says that FreeBSD is vulnerable.
    >
    >
    > I _THOUGHT_ I found something on the FreeBSD site stating that OpenSSH_2.9
    > FreeBSD localisations 20020307 was not vulnerable, however, I can't find it
    > now.
    >
    > Since there doesn't appear to be a security advisory or notice from the
    > FreeBSD security team on this one yet, what's the best thing to do?

    The Best Thing(tm) is to stay calm :)

    >
    > Manually update to openssh 3.4? Is an update to the base system in the
    > works?
    >

    You may either manually upgrade to OpenSSH 3.4 (/usr/ports/security/openssh-portable)
    or stick with base OpenSSH 2.9 localisation 20020307, as it is secure, as many
    people on this list said before. But YMMV.
     
    > TIA
    >
    >
    > Peter Brezny
    > Skyrunner.net
    >
    >
    >
    >
    > To Unsubscribe: send mail to majordomo@FreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message

    Buki

    -- 
    PGP public key: http://dev.null.cz/buki.asc
    

    /"\
    \ /  ASCII Ribbon Campaign
     X   Against HTML & Outlook Mail
    / \  http://www.thebackrow.net
