FreeBSD Port: openssh-3.6.1

Matthew Seaman m.seaman at
Thu Sep 18 04:17:16 PDT 2003

On Thu, Sep 18, 2003 at 12:49:21PM +0200, Johannes Angeldorff wrote:
> Dear dinoex,
> We use OpenSSH on our FreeBSD servers.
> Today I saw this new insecurity at Cert:
> My question: When will OpenSSH 3.7.1 be available in Ports?
> Do you recommend installing it before it is available in Ports?

Please read the FreeBSD advisory at

All release branches since RELENG_4_3, as well as 4-STABLE and
5-CURRENT, and both openssh ports were patched between 14:46 and 16:25
UTC on 17th September.  This includes the vulnerabilities covered by
the second revision of the advisory from OpenSSH

As we're officially in the ports freeze before the release of 4.9 it's
quite likely that the full update to 3.7.1p1 won't happen until the
freeze has been lifted.  However, since the release has been put back
a few weeks, portmgr@ might see fit to permit the update sooner.

In any case, so long as you update your system or ports to the latest
available, you're covered against the vulnerability.  No further
action need be taken.  There's no need to switch to the ports version
of openssh from the base system version, or vice versa on account of
this problem.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-ports mailing list