Date: Thu, 6 Dec 2001 17:56:11 -0600 From: Christopher Farley <chris@northernbrewer.com> To: Matthew Luckie <kluckie@ihug.co.nz> Cc: freebsd-questions@freebsd.org Subject: Re: Upgrading OpenSSH Message-ID: <20011206175609.B750@northernbrewer.com> In-Reply-To: <003b01c17eaf$fcbd1030$1400a8c0@spandex> References: <003b01c17eaf$fcbd1030$1400a8c0@spandex>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Luckie (kluckie@ihug.co.nz) wrote: > Hi > > I have a machine in the field with FreeBSD 4.1-RELEASE installed. > The OpenSSH that shipped on that machine is vulnerable to a number of > exploits. > > What is the best way to fix this machine? I am comfortable with using cvsup > and the build tools. I am happy to do a full cvsup to the system but I > anticipate that that is a bit heavy handed to fix just openssh. There may be other benefits, though, like fixing all the other major vulnerabilities that have accumulated since 4.1-RELEASE. > Should I be using one of the security branch fix trees? If you've got a production machine, you might want to track RELENG_4_4 (the security branch fix). If you have less conservative requirements and can accept the remote possibility of a bug creeping into the system, the -STABLE branch (RELENG_4) has, for me, proven to be very reliable. There are several other options for fixing OpenSSH: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A63.openssh.asc -- Christopher Farley www.northernbrewer.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011206175609.B750>