Updating OpenSSH
Daniel A.
ldrada at gmail.com
Sat Feb 25 18:32:58 PST 2006
So, basically, if I want the newest version of OpenSSH running on my
system, I have to not use the one shipped with 6.0-RELEASE, and
install OpenSSH from ports?
On 2/26/06, Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> On 2006-02-26 01:25, "Daniel A." <ldrada at gmail.com> wrote:
> > Hi, quick question.
> > How do I update the OpenSSH which ships with FreeBSD6.0-RELEASE by default?
> >
> > It's just that I don't feel secure running an old version (4.2p1) of
> > OpenSSH when there is a newer (4.3) version available.
>
> To get security fixes, you have to update the base system to at least
> one of the security branches or 6-STABLE.
>
> The differences of /usr/src/UPDATING between RELENG_6_0_0_RELEASE (which
> marks the 6.0-RELEASE in CVS) and the RELENG_6_0 branch are currently:
>
> # Index: UPDATING
> # ===================================================================
> # RCS file: /home/ncvs/src/UPDATING,v
> # retrieving revision 1.416.2.3.2.5
> # retrieving revision 1.416.2.3.2.9
> # diff -u -r1.416.2.3.2.5 -r1.416.2.3.2.9
> # --- UPDATING 1 Nov 2005 23:43:49 -0000 1.416.2.3.2.5
> # +++ UPDATING 25 Jan 2006 10:01:25 -0000 1.416.2.3.2.9
> # @@ -8,6 +8,37 @@
> # /usr/ports/UPDATING. Please read that file before running
> # portupgrade.
> #
> # +20060125: p4 FreeBSD-SA-06:06.kmem, FreeBSD-SA-06:07.pf
> # + Make sure buffers in if_bridge are fully initialized before
> # + copying them to userland. Correct a logic error which could
> # + allow too much data to be copied into userland. [06:06]
> # +
> # + Correct an error in pf handling of IP packet fragments which
> # + could result in a kernel panic. [06:07]
> # +
> # +20060118: p3 FreeBSD-SA-06:05.80211
> # + Correct a buffer overflow when scanning for 802.11 wireless
> # + networks which can be provoked by corrupt beacon or probe
> # + response frames.
> # +
> # +20060111: p2 FreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee,
> # + FreeBSD-SA-06:03.cpio, FreeBSD-SA-06:04.ipfw
> # + Correct insecure temporary file usage in texindex. [06:01]
> # +
> # + Correct insecure temporary file usage in ee. [06:02]
> # +
> # + Correct a race condition when setting file permissions,
> # + sanitize file names by default, and fix a buffer overflow
> # + when handling files larger than 4GB in cpio. [06:03]
> # +
> # + Fix an error in the handling of IP fragments in ipfw which
> # + can cause a kernel panic. [06:04]
> # +
> # +20051219: p1 FreeBSD-EN-05:04.nfs
> # + Correct a locking issue in nfs_lookup() where a call to vrele()
> # + might be made while holding the vnode mutex, which resulted
> # + in kernel panics under certain load patterns.
> # +
> # 20051101:
> # FreeBSD 6.0-RELEASE
> #
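Review bot: the 20060118 p3 entry names the trigger for the 802.11 buffer overflow (corrupt beacon or probe response frames) but not its consequence, whereas the 06:04, 06:07 and EN-05:04 entries each state theirs (kernel panic). Adding the impact to the p3 text would let a reader judge urgency from UPDATING alone. The 06:06 text has the same gap: it says too much data could be copied into userland but not what that data may expose.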
> # @@ -404,4 +435,4 @@
> # Contact Warner Losh if you have any questions about your use of
> # this document.
> #
> # -$FreeBSD: src/UPDATING,v 1.416.2.3.2.5 2005/11/01 23:43:49 scottl Exp $
> # +$FreeBSD: src/UPDATING,v 1.416.2.3.2.9 2006/01/25 10:01:25 cperciva Exp $
>
> Since there haven't been any security fixes for OpenSSH in the RELENG_6_0
> branch, I think you can safely assume it's ok to keep using this OpenSSH
> version.
>
> As a general principle though, you should definitely check the announcements
> of the security team, at:
>
> http://www.FreeBSD.org/security/
>
> and decide for yourself when you need to update, how to update, etc.
>
> - Giorgos
>
>
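The check Giorgos describes, reading the UPDATING entries added since the release and looking for the component you care about, can be scripted. This is an added example, not part of the original thread or of FreeBSD; the function names are hypothetical, and the sample is abridged from the entries quoted above with an assumed tab layout. It matches whole words only, so a search for `pf` does not hit `ipfw`.

```python
import re

# Abridged from the UPDATING entries quoted in the thread; tab layout is assumed.
UPDATING_SAMPLE = """\
20060125:\tp4\tFreeBSD-SA-06:06.kmem, FreeBSD-SA-06:07.pf
\tMake sure buffers in if_bridge are fully initialized before
\tcopying them to userland.  [06:06]

\tCorrect an error in pf handling of IP packet fragments which
\tcould result in a kernel panic.  [06:07]

20060118:\tp3\tFreeBSD-SA-06:05.80211
\tCorrect a buffer overflow when scanning for 802.11 wireless networks.

20060111:\tp2\tFreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee,
\t\tFreeBSD-SA-06:03.cpio, FreeBSD-SA-06:04.ipfw
\tFix an error in the handling of IP fragments in ipfw.  [06:04]

20051101:
\tFreeBSD 6.0-RELEASE
"""

HEADER = re.compile(r"^(\d{8}):\s*(p\d+)?")          # "YYYYMMDD:" plus optional patch level
ADVISORY = re.compile(r"FreeBSD-(?:SA|EN)-\d{2}:\d{2}\.\w+")

def parse_updating(text):
    """Split UPDATING text into entries; continuation lines join the entry above."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"date": m.group(1), "patch": m.group(2),
                            "advisories": [], "text": ""})
        if entries:
            entries[-1]["advisories"] += ADVISORY.findall(line)
            entries[-1]["text"] += line.strip() + " "
    return entries

def fixes_since(entries, release_date, names):
    """Entries dated after release_date that mention any of names as a whole word."""
    pattern = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, names)), re.I)
    return [e for e in entries
            if e["date"] > release_date and pattern.search(e["text"])]

if __name__ == "__main__":
    entries = parse_updating(UPDATING_SAMPLE)
    for names in (["openssh", "ssh", "sshd"], ["pf"], ["ipfw"]):
        hits = fixes_since(entries, "20051101", names)
        print(names, "->", [(e["patch"], e["advisories"]) for e in hits] or "no entries")
```

An empty result only says that UPDATING on that branch lists no fix naming the component; the advisories at http://www.FreeBSD.org/security/ remain the reference.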
More information about the freebsd-questions
mailing list