Question about "FreeBSD Security Advisory FreeBSD-SA-13:14.openssh"
Darren Pilgrim
list_freebsd at bluerosetech.com
Tue Nov 19 15:54:25 UTC 2013
On 11/19/2013 7:44 AM, Paul Hoffman wrote:
> Greetings again. Why does this announcement only apply to:
>
>> Affects: FreeBSD 10.0-BETA
>
> That might be the only version where aes128-gcm and aes256-gcm are in
> the defaults, but other versions of FreeBSD allow you to specify
> cipher lists in /etc/ssh/sshd_config. I would think that you would
> need to update all systems running OpenSSH 6.2 and 6.3, according to
> the CVE. FWIW, when I did a freebsd-update on my 9.2-RELEASE system,
> sshd (6.2) was not updated.
The other requirement for being vulnerable is OpenSSH must be compiled
with TLS 1.2 support (i.e., linked to OpenSSL v1.0.1 or later). FreeBSD
9.2 only has OpenSSL 0.9.8.y.
More information about the freebsd-security
mailing list