From owner-freebsd-questions Thu Dec 6 15:41:25 2001 Delivered-To: freebsd-questions@freebsd.org Received: from smtp1.ihug.co.nz (smtp1.ihug.co.nz [203.109.252.7]) by hub.freebsd.org (Postfix) with ESMTP id 4FDBA37B416 for ; Thu, 6 Dec 2001 15:41:20 -0800 (PST) Received: from spandex (203-173-203-179.nzwide.ihug.co.nz [203.173.203.179]) by smtp1.ihug.co.nz (8.9.3/8.9.3/Debian 8.9.3-21) with SMTP id MAA29001; Fri, 7 Dec 2001 12:41:16 +1300 X-Authentication-Warning: smtp1.ihug.co.nz: Host 203-173-203-179.nzwide.ihug.co.nz [203.173.203.179] claimed to be spandex Message-ID: <003b01c17eaf$fcbd1030$1400a8c0@spandex> From: "Matthew Luckie" To: Cc: "Matthew Luckie" Subject: Upgrading OpenSSH Date: Fri, 7 Dec 2001 12:44:44 +1300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi I have a machine in the field with FreeBSD 4.1-RELEASE installed. The OpenSSH that shipped on that machine is vulnerable to a number of exploits. What is the best way to fix this machine? I am comfortable with using cvsup and the build tools. I am happy to do a full cvsup to the system but I anticipate that that is a bit heavy handed to fix just openssh. Should I be using one of the security branch fix trees? fwiw, i downloaded the openssh-3.0.2p1 source and config'd that but unfortunately the ssl libs on the machine are out of date. Suggestions? Matthew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message