From owner-freebsd-questions@FreeBSD.ORG  Fri Feb 25 20:06:53 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C694016A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 25 Feb 2005 20:06:53 +0000 (GMT)
Received: from mail.gmx.net (mail.gmx.de [213.165.64.20])
	by mx1.FreeBSD.org (Postfix) with SMTP id BA41F43D1D
	for <freebsd-questions@freebsd.org>;
	Fri, 25 Feb 2005 20:06:52 +0000 (GMT)
	(envelope-from ph.schulz@gmx.de)
Received: (qmail invoked by alias); 25 Feb 2005 20:06:51 -0000
Received: from dsl-084-056-232-125.arcor-ip.net (EHLO [192.168.1.4])
	(84.56.232.125)
	by mail.gmx.net (mp027) with SMTP; 25 Feb 2005 21:06:51 +0100
X-Authenticated: #1954550
Message-ID: <421F85A3.1060406@gmx.de>
Date: Fri, 25 Feb 2005 21:08:03 +0100
From: Phil Schulz <ph.schulz@gmx.de>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.3) Gecko/20041217
X-Accept-Language: de, en-us, en
MIME-Version: 1.0
To: David Newman <wo_shi_big_stomach@yahoo.com>
References: <20050225195523.13893.qmail@web90103.mail.scd.yahoo.com>
In-Reply-To: <20050225195523.13893.qmail@web90103.mail.scd.yahoo.com>
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
cc: freebsd-questions@freebsd.org
Subject: Re: updating system version of OpenSSH
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2005 20:06:53 -0000

On 02/25/05 20:55, David Newman wrote:
> What is the procedure for patching/updating system
> version of OpenSSH on an FBSD 5.2.1 box?
> 

If you can't afford to upgrade the base OS and you do not want to 
install OpenSSH from the ports, then you'll need to specify what 
vulnerability you are talking about.

I checked the FreeBSD security advisories which *could* apply to your 
problem and it seems that FreeBSD-SA-04:05.openssl is the one you might 
be talking about. A patch is included with the advisory along with 
instructions on how to apply the patch and fix the issue.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc

Regards,

Phil.

> I used the excellent Rootkit Hunter security
> assessment tool:
> 
> http://www.rootkit.nl/projects/rootkit_hunter.html
> 
> and it found that I'm running OpenSSH 3.6.1p1, which
> has at least one vulnerability.
> 
> I only know how to install/upgrade from ports. OpenSSH
> is part of the ports collection, but the build I'm
> running was included with the OS. 
> 
> What's the right way to proceed here?
> 
> thanks
> 
> /wsbs
>