Date: Sat, 4 Oct 2003 21:27:59 +0100
From: "Greenshaw, Steve" <s.greenshaw@ucsm.ac.uk>
To: "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Subject: Security Fix Confusion
Message-ID: <911E4B4A51A3D3119DD600508B44B4A40840C4@ammail.ucsm.ac.uk>

Hi,

I'm wondering if anybody could enlighten me about the effect of tracking RELENG?

When the OpenSSH advisory came out (SA-03:12) I allowed a few days for all issues to get ironed out and then used CVSUP to rebuild my boxes with RELENG_4_7 or RELENG_4_8 (as appropriate).

The advisory says that the problem with OpenSSH is fixed by 4.7-RELEASE-p16 and a 'uname -a' of one of my 4.7 boxes shows it as being 4.7-RELEASE-p21.

However, a '/usr/sbin/sshd -\?' shows the version of OpenSSH running as being OpenSSH_3.4p1. Scanning the box with Nessus warns of the security hole associated with versions of OpenSSH prior to 3.7.1p2 and warned about in SA-03:12.

So, my question is, am I actually covered by 4.7-RELEASE-p21 and Nessus is giving a false positive, or am I still potentially vulnerable?

Regards,

Steve.
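The comparison the message makes by eye (the running patch level against the patch level SA-03:12 names as fixed) can be scripted. This is an added example, not part of the original message; the helper names `split_release` and `patchlevel_at_least` are hypothetical, and the script only compares version strings, it does not inspect the installed sshd binary.

```shell
#!/bin/sh
# Added example: compare a FreeBSD release string (as printed by `uname -r`)
# against the patch level an advisory lists as fixed for the same branch.
# Function names are hypothetical helpers, not part of any FreeBSD tool.

# split_release "4.7-RELEASE-p21" prints "4.7-RELEASE 21".
# A string with no -pN suffix is treated as patch level 0.
split_release() {
    case "$1" in
        *-p[0-9]*)
            base=${1%-p*}
            level=${1##*-p}
            ;;
        *)
            base=$1
            level=0
            ;;
    esac
    # Reject a non-numeric patch level rather than guessing.
    case "$level" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s %s\n' "$base" "$level"
}

# patchlevel_at_least RUNNING FIXED
# returns 0: same branch and RUNNING >= FIXED
#         1: same branch and RUNNING <  FIXED
#         2: different branch or unparsable input (no conclusion possible)
patchlevel_at_least() {
    running=$(split_release "$1") || return 2
    fixed=$(split_release "$2") || return 2
    [ "${running% *}" = "${fixed% *}" ] || return 2
    [ "${running##* }" -ge "${fixed##* }" ]
}

# Values taken from the message: running 4.7-RELEASE-p21,
# advisory fixed level 4.7-RELEASE-p16.
if patchlevel_at_least "4.7-RELEASE-p21" "4.7-RELEASE-p16"; then
    echo "running patch level is at or past the advisory's fixed level"
fi
```

On a live host the first argument would be `"$(uname -r)"`; a return code of 2 means the advisory's fixed level is for a different branch and the comparison says nothing.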