Date: Mon, 13 May 2019 19:03:35 +0200
From: Gareth de Vaux <security@lordcow.org>
To: Brett Glass <brett@lariat.org>
Cc: FreeBSD-security@freebsd.org
Subject: Re: POC and patch for the CVE-2018-15473
Message-ID: <20190513170335.GA12973@lordcow.org>
In-Reply-To: <201905131632.KAA27384@mail.lariat.net>
References: <201905131551.JAA27159@mail.lariat.net> <20190513161311.GA3080@lordcow.org> <201905131632.KAA27384@mail.lariat.net>

On Mon 2019-05-13 (10:32), Brett Glass wrote:
> On my FreeBSD 11-STABLE boxes, the "distinfo" file for the
> "openssh-portable" port shows the version as "openssh-7.9p1". So,
> this is not 7.8 (which was tested with 12.0, at least, if not 11.x)
> and also has not been specifically tailored for FreeBSD. Am I
> likely to see any issues with the use of existing configuration
> files, performance, or features? Just asking, as a precaution, to
> ensure that I do not find myself with an unreachable machine if I
> install on a remote server.

I'm currently using it on 11-STABLE and prefer it for security reasons but
that's a longer discussion. Average configurations shouldn't be affected but
you can install and configure it on a different port
(/usr/local/etc/ssh/sshd_config as opposed to /etc/ssh/sshd_config) and start
it without killing the existing sshd so you won't get locked out.

/etc/rc.conf:
#sshd_enable="YES"
openssh_enable="YES"
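
A pre-flight check for the side-by-side setup described in the message above, as an added example that is not part of the original e-mail: it confirms the two sshd_config files ask for different TCP ports before the second daemon is started. The function names and the /usr/local/sbin/sshd path for the port's binary are assumptions, and ports written inside ListenAddress lines are not parsed.

```shell
#!/bin/sh
# Added example (not from the original message): verify that the base sshd
# and the openssh-portable sshd will not compete for the same TCP port.

# Print the ports an sshd_config requests, one per line, sorted and unique.
# Keywords are matched case-insensitively; with no Port line sshd uses 22.
sshd_ports() {
    awk '
        { sub(/#.*/, "") }   # drop comments, including commented-out Port lines
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1" | sort -un
}

# Return 0 when the two configs share no port, 1 (with a message) otherwise.
ports_disjoint() {
    a=$(sshd_ports "$1")
    b=$(sshd_ports "$2")
    for p in $a; do
        for q in $b; do
            if [ "$p" = "$q" ]; then
                echo "conflict: both configs use port $p" >&2
                return 1
            fi
        done
    done
    return 0
}

# Full check: distinct ports, then let the port's sshd validate its own config.
# PORT_SSHD is an assumed install path; override it if yours differs.
preflight() {
    ports_disjoint "$1" "$2" || return 1
    "${PORT_SSHD:-/usr/local/sbin/sshd}" -t -f "$2"
}

# Usage: ./preflight.sh /etc/ssh/sshd_config /usr/local/etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && echo "ok: safe to start the second sshd"
fi
```

Keep the existing session open and log in through the new port from a second terminal before disabling the base sshd.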