FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
Martin Simmons
martin at lispworks.com
Wed Nov 2 14:07:57 UTC 2016
>>>>> On Wed, 2 Nov 2016 07:55:33 +0000 (UTC), FreeBSD Security Advisories said:
>
> =============================================================================
> FreeBSD-SA-16:33.openssh Security Advisory
> The FreeBSD Project
>
> Topic: OpenSSH Remote Denial of Service vulnerability
>
> Category: contrib
> Module: OpenSSH
> Announced: 2016-11-02
> Affects: All supported versions of FreeBSD.
> Corrected: 2016-11-02 06:56:35 UTC (stable/11, 11.0-STABLE)
> 2016-11-02 07:23:19 UTC (releng/11.0, 11.0-RELEASE-p3)
> 2016-11-02 06:58:47 UTC (stable/10, 10.3-STABLE)
> 2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12)
> CVE Name: CVE-2016-8858
Should this be corrected in 10.1-RELEASE as well?
I ask because Debian
(https://security-tracker.debian.org/tracker/CVE-2016-8858) has marked it as
vulnerable in OpenSSH 6.0 and OpenSSH 6.7 and it looks like 10.1-RELEASE
contains OpenSSH 6.6, which I assume is also vulnerable.
__Martin
More information about the freebsd-security
mailing list