OpenSSL Security Advisory [11 Jun 2015]
michelle at sorbs.net
Sat Jun 13 11:13:10 UTC 2015
Don Lewis wrote:
> On 13 Jun, Michelle Sullivan wrote:
>> SSH would be the biggie that most security departments are scared of...
> Well, ssh is available in ports, though I haven't checked to see that it
> picks up the correct version of openssl.
Problem is it doesn't have 'overwrite base' anymore - and
openssh-portable66 which does have overwrite base is now marked
depreciated... which means one would have to be very careful about how
they use SSH in production as both server and client... Server is
easier as it has a different _enable identifier... but the client is not
distinguishable so unless one puts /usr/local/bin in their permanent
path as a priority over /usr/bin one will use the wrong version.
More information about the freebsd-ports