Date: Sun, 26 May 2002 16:27:47 -0700 (PDT) From: Geir Råness <freebsd@pulz.no> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/38592: Bug in ssh2 in the ports ! Message-ID: <200205262327.g4QNRlr7022672@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 38592 >Category: ports >Synopsis: Bug in ssh2 in the ports ! >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun May 26 16:30:02 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Geir Råness >Release: 4.5 >Organization: >Environment: FreeBSD pulz.mine.nu 4.5-STABLE FreeBSD 4.5-STABLE #0: Mon Apr 22 15:44:46 CEST 2002 geir@pulz.soulcollector.org.uk:/usr/obj/usr/src/sys/PULZ i386 >Description: There has been found and bug in the ssh 3.0.1 to 3.1.0 series. And if you look in ssh2 ports dir, you will see it juse 3.1.0. If you dont conf your config file right, you would be vuln to this bug. Read about it here http://online.securityfocus.com/archive/1/273840/2002-05-23/2002-05-29/0 http://www.ssh.com/products/ssh/advisories/authentication.cfm The maintainer of this port has also been notified about this problem. So at last, i would like to have this port marked as forbidden. And the maintainer shuld update it ! >How-To-Repeat: Install ssh2 3.1.0 and juse standar conf ? ;) >Fix: Either conf your config file right. Patch your current ssh, or you shuld upgraded to the newest version. That is 3.1.2 at this time. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205262327.g4QNRlr7022672>