Updating OpenSSH

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Mar 16 14:35:28 UTC 2011

On 16/03/2011 13:38, Carmel wrote:
> I was just wondering about the version of SSH used on FreeBSD.
> According to the OpenSSH page:
> OpenSSH 5.8/5.8p1 released February 4, 2011 [contains security fix]
> Now, according to my system, FreeBSD-8.2, I have this version:
> OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010
> # openssl version
> OpenSSL 1.0.0d 8 Feb 2011
> So why is an older version shown? Also, when does the FreeBSD
> team intend to update the system OpenSSH version?
> I have the following notation in my /etc/make.conf file:
> Should I have something else also? I have FreeBSD 8.2-STABLE installed.

The version of OpenSSH shipped with any release of the OS is exceedingly
unlikely to be updated within the lifetime of that release.  Not unless
there was a killer problem, and it turned out easier to update the whole
shebang rather than just patching the problem.

Why wasn't OpenSSH updated in stable/8 before 8.2-RELEASE? Good
question.  I don't actually know.  It's quite possible that no one had
sufficient spare cycles to do the work required, and that the changes
between 5.4 and 5.8 were not sufficiently compelling for anyone to make
the time.

As for security vulnerabilities: did you check on the OpenSSH site?  The
vulnerability fixed in 5.8 (information leak in signed SSH keys) only
applies to versions 5.6 and 5.7 -- that's because the whole 'signed key'
thing isn't in version 5.4 at all.

I can tell you that the FreeBSD Security Team is extremely efficient and
would have had patches and security advisories out for this problem
within a matter of hours of the OpenSSH announcement *if it had been



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW
