From owner-freebsd-security Sun Mar 31 9:58:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125]) by hub.freebsd.org (Postfix) with ESMTP id D23A537B405 for ; Sun, 31 Mar 2002 09:58:51 -0800 (PST) Received: from switchblade.cyberpunkz.org (rob@localhost.cyberpunkz.org [127.0.0.1]) by switchblade.cyberpunkz.org (8.12.2/8.12.2-rda) with ESMTP id g2VHwmIN038785 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Sun, 31 Mar 2002 11:58:49 -0600 (CST)?g (envelope-from rob@switchblade.cyberpunkz.org)œ Posted-Date: Sun, 31 Mar 2002 11:58:49 -0600 (CST) Abuse-Contact: abuse@cyberpunkz.org Received: (from rob@localhost) by switchblade.cyberpunkz.org (8.12.2/8.12.1/Submit) id g2VHwlSV038784; Sun, 31 Mar 2002 11:58:47 -0600 (CST)?g (envelope-from rob) Date: Sun, 31 Mar 2002 11:58:47 -0600 From: Rob Andrews To: Jesper Wallin Cc: security@FreeBSD.ORG Subject: Re: Why update the world because of OpenSSH? Message-ID: <20020331115847.J69105@switchblade.cyberpunkz.org> References: <4487.213.112.58.135.1017583220.squirrel@phucking.kicks-ass.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <4487.213.112.58.135.1017583220.squirrel@phucking.kicks-ass.org>; from z3l3zt@phucking.kicks-ass.org on Sun, Mar 31, 2002 at 04:00:20PM +0200 Organization: Cyberpunk Alliance Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org .- - - - - - Jesper Wallin wrote (2002/03/31 at 08:00:49 AM) - - - - - - | |> Once again I make me look like a fool.. A fool is one that stumbles around and doesn't ask the question.. |> Well, for some month ago I saw the warnings about the root exploit for |> OpenSSH here. What I never understood what, why should I update my world |> because of an OpenSSH exploit? Isn't it enought to just cvsup the ports and |> re-install OpenSSH from the ports? Well you don't always have to cvsup the src tree to update the version of openssh for posted advisories. They do post the patchs so you can just patch it into the source tree and rebuild. The other thing that you should know is that the port version does not over install the system version. So its very possible to have conflicting versions of openssh on your system. If you want the newest version of openssh running on your system then the port is of course the way to go. Sometimes new features will be introduced that you won't see in the system version until the next revision or so of freebsd. Its really a matter of what you feel comfortable running on the system. best of luck.. -- ::::::::::::=================--------------------- :|Robert Andrews :|Cyberpunk Alliance http://www.cyberpunkz.org :|Minneapolis, MN Email: rob@cyberpunkz.org Office: 763-535-6392 :::::::::::::::::::::::::::====================------------------------- US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful to send any unsolicited advertisement to such equipment. By Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable by action to recover actual monetary loss, or $500, whichever is greater, for each violation. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message