FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
Ian Smith
smithi at nimnet.asn.au
Thu Apr 17 11:39:47 UTC 2008
On Thu, 17 Apr 2008, Peter Pentchev wrote:
> On Thu, Apr 17, 2008 at 04:07:56PM +1000, Ian Smith wrote:
> > On Thu, 17 Apr 2008, FreeBSD Security Advisories wrote:
> >
> > > IV. Workaround
> > >
> > > Disable support for IPv6 in the sshd(8) daemon by setting the option
> > > "AddressFamily inet" in /etc/ssh/sshd_config.
> > >
> > > Disable support for X11 forwarding in the sshd(8) daemon by setting
> > > the option "X11Forwarding no" in /etc/ssh/sshd_config.
> >
> > It's not quite clear from this whether both workarounds are required, or
> > just either one, until upgrading?
>
> Either one, depending on what you want - if your users *need* and use
> X11 forwarding, then you wouldn't want to use "X11Forwarding no" :)
>
> Basically:
> - if you DO NOT use X11 forwarding, just disable it with "X11Forwarding no"
> - if you use X11 forwarding *and* you DO NOT use IPv6, use the
> "AddressFamily inet" line
> - if you use X11 forwarding *and* you use IPv6, then you must upgrade.
Thanks for the confirmation Peter, also Jille and mouss.
cheers, Ian
More information about the freebsd-security
mailing list