Date: Sun, 26 Feb 2006 03:32:56 +0100
From: "Daniel A."
To: "Giorgos Keramidas"
Cc: freebsd-questions@freebsd.org
Subject: Re: Updating OpenSSH

So, basically, if I want the newest version of OpenSSH running on my
system, I have to not use the one shipped with 6.0-RELEASE, and install
OpenSSH from ports?

On 2/26/06, Giorgos Keramidas wrote:
> On 2006-02-26 01:25, "Daniel A." wrote:
> > Hi, quick question.
> > How do I update the OpenSSH which ships with FreeBSD6.0-RELEASE by default?
> >
> > It's just that I don't feel secure running an old version (4.2p1) of
> > OpenSSH when there is a newer (4.3) version available.
>
> To get security fixes, you have to update the base system to at least
> one of the security branches or 6-STABLE.
>
> The differences of /usr/src/UPDATING between RELENG_6_0_0_RELEASE (which
> marks the 6.0-RELEASE in CVS) and the RELENG_6_0 branch are currently:
>
> # Index: UPDATING > # =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > # RCS file: /home/ncvs/src/UPDATING,v > # retrieving revision 1.416.2.3.2.5 > # retrieving revision 1.416.2.3.2.9 > # diff -u -r1.416.2.3.2.5 -r1.416.2.3.2.9 > # --- UPDATING 1 Nov 2005 23:43:49 -0000 1.416.2.3.2.5 > # +++ UPDATING 25 Jan 2006 10:01:25 -0000 1.416.2.3.2.9 > # 
@@ -8,6 +8,37 @@ > # /usr/ports/UPDATING. Please read that file before running > # portupgrade. > # > # +20060125: p4 FreeBSD-SA-06:06.kmem, FreeBSD-SA-06:07.pf > # + Make sure buffers in if_bridge are fully initialized before > # + copying them to userland. Correct a logic error which could > # + allow too much data to be copied into userland. [06:06] > # + > # + Correct an error in pf handling of IP packet fragments which > # + could result in a kernel panic. [06:07] > # + > # +20060118: p3 FreeBSD-SA-06:05.80211 > # + Correct a buffer overflow when scanning for 802.11 wireless > # + networks which can be provoked by corrupt beacon or probe > # + response frames. > # + > # +20060111: p2 FreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee, > # + FreeBSD-SA-06:03.cpio, FreeBSD-SA-06:04.ipfw > # + Correct insecure temporary file usage in texindex. [06:01] > # + > # + Correct insecure temporary file usage in ee. [06:02] > # + > # + Correct a race condition when setting file permissions, > # + sanitize file names by default, and fix a buffer overflow > # + when handling files larger than 4GB in cpio. [06:03] > # + > # + Fix an error in the handling of IP fragments in ipfw which > # + can cause a kernel panic. [06:04] > # + > # +20051219: p1 FreeBSD-EN-05:04.nfs > # + Correct a locking issue in nfs_lookup() where a call to vrele() > # + might be made while holding the vnode mutex, which resulted > # + in kernel panics under certain load patterns. > # + > # 20051101: > # FreeBSD 6.0-RELEASE > # > # 
@@ -404,4 +435,4 @@ > # Contact Warner Losh if you have any questions about your use of > # this document. > # > # -$FreeBSD: src/UPDATING,v 1.416.2.3.2.5 2005/11/01 23:43:49 scottl Exp = $ > # +$FreeBSD: src/UPDATING,v 1.416.2.3.2.9 2006/01/25 10:01:25 cperciva Ex= p $
>
> Since there haven't been any security fixes for OpenSSH in the RELENG_6_0
> branch, I think you can safely assume it's ok to keep using this OpenSSH
> version.
>
> As a general principle though, you should definitely check the announcements
> of the security team, at:
>
> http://www.FreeBSD.org/security/
>
> and decide for yourself when you need to update, how to update, etc.
>
> - Giorgos
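
Review bot: in the first hunk (@@ -8,6 +8,37 @@) none of the new entries, 20051219 p1 through 20060125 p4, says what has to be rebuilt after updating. The if_bridge, pf, 802.11 scanning, ipfw and nfs_lookup() fixes are kernel changes, while texindex, ee and cpio are userland programs, so the 20060111 entry mixes both kinds under one date. A closing line per entry stating whether a kernel rebuild, a world rebuild or both is required would let a reader act on the entry without opening each advisory.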
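
The check Giorgos describes above (reading the dated UPDATING entries to see whether any fix touches the component you care about) can be scripted. This is an added example, not part of the original thread or of FreeBSD itself; the helper name `entries_mentioning` and the shortened sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed, shortened sample in the layout of the entries quoted above.
sample_updating() {
cat <<'EOF'
20060125: p4 FreeBSD-SA-06:06.kmem, FreeBSD-SA-06:07.pf
    Make sure buffers in if_bridge are fully initialized before
    copying them to userland. [06:06]

    Correct an error in pf handling of IP packet fragments which
    could result in a kernel panic. [06:07]

20060111: p2 FreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee,
    FreeBSD-SA-06:03.cpio, FreeBSD-SA-06:04.ipfw
    Correct insecure temporary file usage in texindex. [06:01]

20051101:
    FreeBSD 6.0-RELEASE
EOF
}

# entries_mentioning KEYWORD  (hypothetical helper; reads UPDATING on stdin)
# Prints "DATE ADVISORY[,ADVISORY...]" for every dated entry whose header or
# body contains KEYWORD. Matching is a case-insensitive substring test, so
# prefer full names ("openssh") over short ones ("pf" also matches "ipfw").
entries_mentioning() {
    awk -v kw="$1" '
    function emit() {
        if (date != "" && index(tolower(text), tolower(kw)) > 0)
            print date, (ids == "" ? "-" : ids)
    }
    # A new entry starts with an 8-digit date followed by a colon.
    /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:/ {
        emit()
        date = substr($1, 1, 8); text = ""; ids = ""
    }
    # Collect the text and the advisory/errata IDs of the current entry.
    date != "" {
        text = text " " $0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^FreeBSD-(SA|EN)-/) {
                id = $i; sub(/,$/, "", id)
                ids = (ids == "" ? id : ids "," id)
            }
    }
    END { emit() }
    '
}
# On a real system: entries_mentioning openssh < /usr/src/UPDATING
sample_updating | entries_mentioning cpio
```

An empty result for `openssh` only shows that no entry on the checked-out branch names it; the security team's announcements remain the authoritative source.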