Date:      Thu, 22 Jan 2004 21:10:51 +0100
From:      des@des.no (Dag-Erling Smørgrav)
To:        David.E.Tweten@nasa.gov
Cc:        freebsd-stable@freebsd.org
Subject:   Re: OpenSSH Vulnerable Prior to 3.7.1
Message-ID:  <xzpektrwxpw.fsf@dwp.des.no>
In-Reply-To: <2721.1074800988@gilmore.nas.nasa.gov> (Dave Tweten's message of "Thu, 22 Jan 2004 11:49:48 -0800")
References:  <2721.1074800988@gilmore.nas.nasa.gov>

Dave Tweten <tweten@nas.nasa.gov> writes:
> I understand that FreeBSD patches old versions of OpenSSH instead of
> substituting new ones,

That depends, but upgrading is generally a lot more work (and
introduces other risks).

It is however highly unlikely that we will ever upgrade OpenSSH in 4.x
to 3.7.1, as it does not support Kerberos IV, which we still want to
support in 4.x.

>                        but my question is whether sshd version
> "OpenSSH_3.5p1 FreeBSD-20030924" has these vulnerabilities fixed.

We do not know of any vulnerabilities in FreeBSD-STABLE's OpenSSH.  If
you have any information we don't, we'd be very much obliged if you
could forward it to <secteam@freebsd.org>.

>                                                                    Is it
> as secure as OpenSSH 3.7.1?

As far as we know, yes.

DES
-- 
Dag-Erling Smørgrav - des@des.no


