Date: Fri, 9 Feb 2001 10:07:15 -0500 (EST) From: "Andrew J. Korty" <ajk@iu.edu> To: Igor Roshchin <str@giganda.komkon.org> Cc: <security@FreeBSD.ORG>, <sziszi@petra.hos.u-szeged.hu> Subject: Re: Is this a problem for us too? Message-ID: <Pine.BSF.4.32.0102090947580.21756-100000@kobayashi.uits.iupui.edu>
next in thread | raw e-mail | index | archive | help
On Fri, 9 Feb 2001 09:29:27 -0500 (EST), Igor Roshchin wrote: > > Date: Fri, 9 Feb 2001 11:47:58 +0100 > > From: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu> > > > > On Fri, Feb 09, 2001 at 09:54:29AM +0000, Rasputin wrote: > > > > > > Just noticed a couple of openssh security advisories > > > on deadly.org: > > > > > > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html > > > > > > Is this openbsd -specific, or related ot any openssh implementation? > > > > -CURRENT and -STABLE have 2.3.0 so they are not vulnerable. 3.x stil > > doesn't have OpenSSH at all AFAIK. The ports have just been marked > > FORBIDDEN for both ssh and openssh. Something else? No, I think we have > > covered all bases:-) > > > > Well, I believe such a message, based on some type of "hometown pride", > could be confusing to some people. > > Many people are running earlier releases of 4.x, and they do not have > 2.3.0 (e.g. 4.0-release has Open-SSH-1.2.2), and therefore are > probably vulnerable (1) . > Those who are running 3.5-STABLE and have ssh from the ports collection, > ^^^^^^ > (many people do use ssh) are probably (1) vulnerable as well. Have we forsaken 4.2-RELEASE already? It contains OpenSSH 2.2.0. -- Andrew J. Korty, Principal Security Engineer Office of the Vice President for Information Technology Indiana University To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.32.0102090947580.21756-100000>