OpenSSH Vulnerable Prior to 3.7.1

Dag-Erling Smørgrav des at des.no
Thu Jan 22 12:11:11 PST 2004


Dave Tweten <tweten at nas.nasa.gov> writes:
> I understand that FreeBSD patches old versions of OpenSSH instead of
> substituting new ones,

That depends, but upgrading is generally a lot more work (and
introduces other risks).

It is however highly unlikely that we will ever upgrade OpenSSH in 4.x
to 3.7.1, as it does not support Kerberos IV, which we still want to
support in 4.x.

>                        but my question is whether sshd version
> "OpenSSH_3.5p1 FreeBSD-20030924" has these vulnerabilities fixed.

We do not know of any vulnerabilities in FreeBSD-STABLE's OpenSSH.  If
you have any information we don't, we'd be very much obliged if you
could forward it to <secteam at freebsd.org>.

>                                                                    Is it
> as secure as OpenSSH 3.7.1?

As far as we know, yes.

DES
-- 
Dag-Erling Smørgrav - des at des.no


More information about the freebsd-stable mailing list