From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-23:19.openssh
Reply-To: freebsd-security@freebsd.org
Date: Tue, 19 Dec 2023 21:33:59 +0000 (UTC)

=============================================================================
FreeBSD-SA-23:19.openssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Prefix Truncation Attack in the SSH protocol

Category:       contrib
Module:         openssh
Announced:      2023-12-19
Credits:        Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk
Affects:        All supported versions of FreeBSD.
Corrected:      2023-12-18 16:54:31 UTC (stable/14, 14.0-STABLE)
                2023-12-19 20:19:48 UTC (releng/14.0, 14.0-RELEASE-p4)
                2023-12-18 17:10:15 UTC (stable/13, 13.2-STABLE)
                2023-12-19 20:19:57 UTC (releng/13.2, 13.2-RELEASE-p9)
CVE Name:       CVE-2023-48795

Note: While this issue does affect 12.4-STABLE and 12.4-RELEASE, the version
of OpenSSH in 12.4 is old enough the vendor provided patch does not cleanly
apply. As 12.4 goes out of support at the end of December and in order to
quickly get fixes out for 14.0 and 13.2, the FreeBSD Security Team is issuing
this advisory now while feasibility of a 12.4 backport is investigated. Users
with 12.4 are encouraged to either implement the documented workaround or
leverage an up to date version of OpenSSH from the ports/pkg collection.

For general information regarding FreeBSD Security Advisories, including
descriptions of the fields above, security branches, and the following
sections, please visit .

I.   Background

OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services, including
remote shell access.

II.  Problem Description

The SSH protocol executes an initial handshake between the server and the
client. This protocol handshake includes the possibility of several
extensions allowing different options to be selected. Validation of the
packets in the handshake is done through sequence numbers.

III. Impact

A man in the middle attacker can silently manipulate handshake messages to
truncate extension negotiation messages potentially leading to less secure
client authentication algorithms or deactivating keystroke timing attack
countermeasures.

IV.  Workaround

Add the following lines to /etc/ssh_config and /etc/sshd_config:

Ciphers -chacha20-poly1305@openssh.com
MACs -*etm@openssh.com

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13 and earlier, can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-23:19/openssh.patch
# fetch https://security.FreeBSD.org/patches/SA-23:19/openssh.patch.asc
# gpg --verify openssh.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/14/                              673d1ead65c9    stable/14-n266020
releng/14.0/                            b9856d61e99d  releng/14.0-n265399
stable/13/                              3bafcb9744c9    stable/13-n256910
releng/13.2/                            69bd68ba30c0  releng/13.2-n254651
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

From: mike tancsa
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:19.openssh
Date: Tue, 19 Dec 2023 17:08:02 -0500

On 12/19/2023 4:33 PM, FreeBSD Security Advisories wrote:
> with 12.4 are encouraged to either implement the documented workaround or
> leverage an up to date version of OpenSSH from the ports/pkg collection.

Hi,

Is the version of security/openssh-portable not vulnerable to this issue
too? I don't see any update since Oct

    ---Mike

From: Gordon Tetlow
To: mike tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:19.openssh
Date: Tue, 19 Dec 2023 19:11:51 -0800

> On Dec 19, 2023, at 14:08, mike tancsa <mike@sentex.net> wrote:
>
> On 12/19/2023 4:33 PM, FreeBSD Security Advisories wrote:
>> with 12.4 are encouraged to either implement the documented workaround or
>> leverage an up to date version of OpenSSH from the ports/pkg collection.
>
> Hi,
>
> Is the version of security/openssh-portable not vulnerable to this issue
> too? I don't see any update since Oct

I’ve posted a review for an update to 9.6p1: https://reviews.freebsd.org/D43132

Gordon
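
One way to confirm that the workaround in section IV of the advisory has taken effect, as an added example that is not part of the advisory or of the replies: the function reads an effective OpenSSH configuration, as printed by `sshd -T` or `ssh -G <host>`, and lists every algorithm the two workaround lines should have removed. The function name `workaround_gaps` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory: list algorithms that the
# SA-23:19 workaround lines should have removed but that are still offered.
# Reads an effective configuration on stdin, as printed by `sshd -T`
# (server, run as root) or `ssh -G <host>` (client).

# workaround_gaps (hypothetical name): prints "<keyword> <algorithm>" for
# every remaining match and returns 1 if there is at least one, else 0.
workaround_gaps() {
    awk '
        $1 == "ciphers" || $1 == "macs" {
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++) {
                # Ciphers -chacha20-poly1305@openssh.com
                hit = ($1 == "ciphers" && alg[i] == "chacha20-poly1305@openssh.com")
                # MACs -*etm@openssh.com
                hit = hit || ($1 == "macs" && alg[i] ~ /etm@openssh\.com$/)
                if (hit) { print $1, alg[i]; bad = 1 }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: effective server settings before the workaround.
SAMPLE_BEFORE='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256'

# Constructed sample: the same settings with both workaround lines applied.
SAMPLE_AFTER='port 22
ciphers aes128-ctr,aes256-gcm@openssh.com
macs hmac-sha2-256'

# Demo over the two constructed samples.
for name in BEFORE AFTER; do
    eval "cfg=\$SAMPLE_$name"
    if gaps=$(printf '%s\n' "$cfg" | workaround_gaps); then
        echo "$name: workaround in effect"
    else
        echo "$name: still offered:"
        printf '%s\n' "$gaps" | sed 's/^/  /'
    fi
done
```

On a live system, pipe `sshd -T` or `ssh -G <host>` into `workaround_gaps` in place of the samples.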