Updating OpenSSH
Giorgos Keramidas
keramida at ceid.upatras.gr
Sat Feb 25 18:24:06 PST 2006
On 2006-02-26 01:25, "Daniel A." <ldrada at gmail.com> wrote:
> Hi, quick question.
> How do I update the OpenSSH which ships with FreeBSD6.0-RELEASE by default?
>
> It's just that I don't feel secure running an old version (4.2p1) of
> OpenSSH when there is a newer (4.3) version available.
To get security fixes, you have to update the base system to at least
one of the security branches or 6-STABLE.
The differences of /usr/src/UPDATING between RELENG_6_0_0_RELEASE (which
marks the 6.0-RELEASE in CVS) and the RELENG_6_0 branch are currently:
# Index: UPDATING
# ===================================================================
# RCS file: /home/ncvs/src/UPDATING,v
# retrieving revision 1.416.2.3.2.5
# retrieving revision 1.416.2.3.2.9
# diff -u -r1.416.2.3.2.5 -r1.416.2.3.2.9
# --- UPDATING 1 Nov 2005 23:43:49 -0000 1.416.2.3.2.5
# +++ UPDATING 25 Jan 2006 10:01:25 -0000 1.416.2.3.2.9
# @@ -8,6 +8,37 @@
# /usr/ports/UPDATING. Please read that file before running
# portupgrade.
#
# +20060125: p4 FreeBSD-SA-06:06.kmem, FreeBSD-SA-06:07.pf
# + Make sure buffers in if_bridge are fully initialized before
# + copying them to userland. Correct a logic error which could
# + allow too much data to be copied into userland. [06:06]
# +
# + Correct an error in pf handling of IP packet fragments which
# + could result in a kernel panic. [06:07]
# +
# +20060118: p3 FreeBSD-SA-06:05.80211
# + Correct a buffer overflow when scanning for 802.11 wireless
# + networks which can be provoked by corrupt beacon or probe
# + response frames.
# +
# +20060111: p2 FreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee,
# + FreeBSD-SA-06:03.cpio, FreeBSD-SA-06:04.ipfw
# + Correct insecure temporary file usage in texindex. [06:01]
# +
# + Correct insecure temporary file usage in ee. [06:02]
# +
# + Correct a race condition when setting file permissions,
# + sanitize file names by default, and fix a buffer overflow
# + when handling files larger than 4GB in cpio. [06:03]
# +
# + Fix an error in the handling of IP fragments in ipfw which
# + can cause a kernel panic. [06:04]
# +
# +20051219: p1 FreeBSD-EN-05:04.nfs
# + Correct a locking issue in nfs_lookup() where a call to vrele()
# + might be made while holding the vnode mutex, which resulted
# + in kernel panics under certain load patterns.
# +
# 20051101:
# FreeBSD 6.0-RELEASE
#
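Review bot: none of the added entries (p1 to p4) says what has to be rebuilt to pick up the fix, and the p2 entry in particular mixes userland utilities (texindex, ee, cpio) with ipfw, where the text itself mentions a kernel panic. A short trailing line per entry stating whether the kernel, the world or both need rebuilding would save the reader from opening each advisory.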
# @@ -404,4 +435,4 @@
# Contact Warner Losh if you have any questions about your use of
# this document.
#
# -$FreeBSD: src/UPDATING,v 1.416.2.3.2.5 2005/11/01 23:43:49 scottl Exp $
# +$FreeBSD: src/UPDATING,v 1.416.2.3.2.9 2006/01/25 10:01:25 cperciva Exp $
Since there haven't been any security fixes for OpenSSH in the RELENG_6_0
branch, I think you can safely assume it's ok to keep using this OpenSSH
version.
As a general principle though, you should definitely check the announcements
of the security team, at:
http://www.FreeBSD.org/security/
and decide for yourself when you need to update, how to update, etc.
- Giorgos