Date: Wed, 3 Jul 2024 10:06:47 +0300 From: Christos Chatzaras <chris@cretaforce.gr> To: questions@freebsd.org Subject: Re: Close OpenSSH hole on a supported server without shutting down? Message-ID: <0F399C03-5C48-4BD2-BBC0-010FC8D2F4E7@cretaforce.gr> In-Reply-To: <34091912-ef54-4310-bf91-ec8a27679916@netfence.it> References: <202407030050.SAA06884@mail.lariat.net> <34091912-ef54-4310-bf91-ec8a27679916@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 3 Jul 2024, at 09:42, Andrea Venturoli <ml@netfence.it> wrote: >=20 > On 7/3/24 02:50, Brett Glass wrote: >> Hello! >=20 > Same question here, but for supported versions (13.3 and 14.x). >=20 > Is the following enough? >=20 >> cd /usr/src >> make buildworld >> cd /usr/src/secure/usr.sbin/sshd/ >> make install >> cd /usr/src/secure/lib/libssh/ >> make install >> service sshd restart >=20 > bye & Thanks > av. >=20 > P.S. > Out of mere curiosity: > _ all articles I read say that this is a vulnerability found in = OpenSSH=E2=80=99s server in *glibc-based* Linux systems; > _ I would desume that non-glibc-based systems are not vulnerable; > _ but FreeBSD is??? >=20 Here are the commands I used: gitup release cd /usr/src/secure/usr.sbin/sshd/ make all make install cd /usr/src/secure/lib/libssh/ make all make install Before running these commands, the date was "OpenSSH_9.6 = FreeBSD-20240104," and after executing them, the date updated to = "OpenSSH_9.6 FreeBSD-20240701." To be certain, I plan to do a full rebuild today.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0F399C03-5C48-4BD2-BBC0-010FC8D2F4E7>