FreeBSD Port: openssh-3.6.1
m.seaman at infracaninophile.co.uk
Thu Sep 18 04:17:16 PDT 2003
On Thu, Sep 18, 2003 at 12:49:21PM +0200, Johannes Angeldorff wrote:
> Dear dinoex,
> We use OpenSSH on our FreeBSD servers.
> Today I saw this new insecurity at Cert:
> My question: When will OpenSSH 3.7.1 be available in Ports?
> Do you recommend installing it before it is available in Ports?
Please read the FreeBSD advisory at
All release branches since RELENG_4_3, as well as 4-STABLE and
5-CURRENT, and both openssh ports were patched between 14:46 and 16:25
UTC on 17th September. This includes the vulnerabilities covered by
the second revision of the advisory from OpenSSH
As we're officially in the ports freeze before the release of 4.9 it's
quite likely that the full update to 3.7.1p1 won't happen until the
freeze has been lifted. However, since the release has been put back
a few weeks, portmgr@ might see fit to permit the update sooner.
In any case, so long as you update your system or ports to the latest
available, you're covered against the vulnerability. No further
action need be taken. There's no need to switch to the ports version
of openssh from the base system version, or vice versa on account of
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20030918/fa4ccd0d/attachment.bin
More information about the freebsd-ports