From owner-freebsd-security@freebsd.org Mon May 13 16:32:31 2019 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 42E651594376 for ; Mon, 13 May 2019 16:32:31 +0000 (UTC) (envelope-from brett@lariat.org) Received: from mail.lariat.net (mail.lariat.net [66.62.230.51]) by mx1.freebsd.org (Postfix) with ESMTP id 57D7689725 for ; Mon, 13 May 2019 16:32:30 +0000 (UTC) (envelope-from brett@lariat.org) Received: from Toshi.lariat.org (IDENT:ppp1000.lariat.net@localhost [127.0.0.1]) by mail.lariat.net (8.9.3/8.9.3) with ESMTP id KAA27384; Mon, 13 May 2019 10:32:21 -0600 (MDT) Message-Id: <201905131632.KAA27384@mail.lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 13 May 2019 10:32:05 -0600 To: Gareth de Vaux From: Brett Glass Subject: Re: POC and patch for the CVE-2018-15473 Cc: FreeBSD-security@freebsd.org In-Reply-To: <20190513161311.GA3080@lordcow.org> References: <201905131551.JAA27159@mail.lariat.net> <20190513161311.GA3080@lordcow.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Rspamd-Queue-Id: 57D7689725 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of brett@lariat.org designates 66.62.230.51 as permitted sender) smtp.mailfrom=brett@lariat.org X-Spamd-Result: default: False [-0.61 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.90)[-0.898,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[lariat.org]; NEURAL_HAM_LONG(-0.74)[-0.745,0]; NEURAL_SPAM_SHORT(0.76)[0.759,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: mail.lariat.org]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-0.01)[country: US(-0.06)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:19092, ipnet:66.62.228.0/22, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 May 2019 16:32:31 -0000 At 10:13 AM 5/13/2019, you wrote: >On Mon 2019-05-13 (09:51), Brett Glass wrote: > > Is the FreeBSD port of OpenSSH 7.8 available for FreeBSD 11-STABLE > > from the ports collection and as a binary package? If not, shouldn't it be? > >Yes, you can use the original at /usr/ports/security/openssh-portable On my FreeBSD 11-STABLE boxes, the "distinfo" file for the "openssh-portable" port shows the version as "openssh-7.9p1". So, this is not 7.8 (which was tested with 12.0, at least, if not 11.x) and also has not been specifically tailored for FreeBSD. Am I likely to see any issues with the use of existing configuration files, performance, or features? Just asking, as a precaution, to ensure that I do not find myself with an unreachable machine if I install on a remote server. --Brett Glass