Date: Sun, 31 Mar 2002 11:58:47 -0600 From: Rob Andrews <rob@cyberpunkz.org> To: Jesper Wallin <z3l3zt@phucking.kicks-ass.org> Cc: security@FreeBSD.ORG Subject: Re: Why update the world because of OpenSSH? Message-ID: <20020331115847.J69105@switchblade.cyberpunkz.org> In-Reply-To: <4487.213.112.58.135.1017583220.squirrel@phucking.kicks-ass.org>; from z3l3zt@phucking.kicks-ass.org on Sun, Mar 31, 2002 at 04:00:20PM %2B0200 References: <4487.213.112.58.135.1017583220.squirrel@phucking.kicks-ass.org>
next in thread | previous in thread | raw e-mail | index | archive | help
.- - - - - - Jesper Wallin wrote (2002/03/31 at 08:00:49 AM) - - - - - - | |> Once again I make me look like a fool.. A fool is one that stumbles around and doesn't ask the question.. |> Well, for some month ago I saw the warnings about the root exploit for |> OpenSSH here. What I never understood what, why should I update my world |> because of an OpenSSH exploit? Isn't it enought to just cvsup the ports and |> re-install OpenSSH from the ports? Well you don't always have to cvsup the src tree to update the version of openssh for posted advisories. They do post the patchs so you can just patch it into the source tree and rebuild. The other thing that you should know is that the port version does not over install the system version. So its very possible to have conflicting versions of openssh on your system. If you want the newest version of openssh running on your system then the port is of course the way to go. Sometimes new features will be introduced that you won't see in the system version until the next revision or so of freebsd. Its really a matter of what you feel comfortable running on the system. best of luck.. -- ::::::::::::=================--------------------- :|Robert Andrews :|Cyberpunk Alliance http://www.cyberpunkz.org :|Minneapolis, MN Email: rob@cyberpunkz.org Office: 763-535-6392 :::::::::::::::::::::::::::====================------------------------- US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020331115847.J69105>