[FreeBSD-Announce] FreeBSD Security
Advisory FreeBSD-SA-06:22.openssh
Mark Peek
mp at FreeBSD.org
Sun Oct 1 15:12:17 PDT 2006
On 9/30/06 1:24 PM, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-06:22.openssh Security Advisory
> The FreeBSD Project
>
> Topic: Multiple vulnerabilities in OpenSSH
>
> Category: contrib
> Module: openssh
> Announced: 2006-09-30
> Credits: Tavis Ormandy, Mark Dowd
> Affects: All FreeBSD releases.
> Corrected: 2006-09-30 19:50:57 UTC (RELENG_6, 6.2-PRERELEASE)
> 2006-09-30 19:51:56 UTC (RELENG_6_1, 6.1-RELEASE-p10)
> 2006-09-30 19:53:21 UTC (RELENG_6_0, 6.0-RELEASE-p15)
> 2006-09-30 19:54:03 UTC (RELENG_5, 5.5-STABLE)
> 2006-09-30 19:54:58 UTC (RELENG_5_5, 5.5-RELEASE-p8)
> 2006-09-30 19:55:52 UTC (RELENG_5_4, 5.4-RELEASE-p22)
> 2006-09-30 19:56:38 UTC (RELENG_5_3, 5.3-RELEASE-p37)
> 2006-09-30 19:57:15 UTC (RELENG_4, 4.11-STABLE)
> 2006-09-30 19:58:07 UTC (RELENG_4_11, 4.11-RELEASE-p25)
> CVE Name: CVE-2006-4924, CVE-2006-5051
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I. Background
>
> OpenSSH is an implementation of the SSH protocol suite, providing an
> encrypted, authenticated transport for a variety of services,
> including remote shell access.
>snip<
BTW, the patches for this advisory appear to also need a patch to add log.c
into src/secure/usr.sbin/sshd/Makefile.
Mark
More information about the freebsd-security
mailing list