Question about "FreeBSD Security Advisory FreeBSD-SA-13:14.openssh"
Paul Hoffman
phoffman at proper.com
Tue Nov 19 15:44:43 UTC 2013
Greetings again. Why does this announcement only apply to:
> Affects: FreeBSD 10.0-BETA
That might be the only version where aes128-gcm and aes256-gcm are in the defaults, but other versions of FreeBSD allow you to specify cipher lists in /etc/ssh/sshd_config. I would think that you would need to update all systems running OpenSSH 6.2 and 6.3, according to the CVE. FWIW, when I did a freebsd-update on my 9.2-RELEASE system, sshd (6.2) was not updated.
--Paul Hoffman
More information about the freebsd-security
mailing list