From owner-freebsd-security Wed Dec 20 11:33:34 2000 From owner-freebsd-security@FreeBSD.ORG Wed Dec 20 11:33:32 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 4959337B400 for ; Wed, 20 Dec 2000 11:33:31 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id 888631360E; Wed, 20 Dec 2000 14:33:28 -0500 (EST) Date: Wed, 20 Dec 2000 14:33:28 -0500 From: Chris Faulhaber To: Slawek Zak Cc: freebsd-security@freebsd.org Subject: Re: SSH update Message-ID: <20001220143328.A9618@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , Slawek Zak , freebsd-security@freebsd.org References: <87k88u99nz.fsf@pf39.warszawa.sdi.tpnet.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87k88u99nz.fsf@pf39.warszawa.sdi.tpnet.pl>; from zaks@prioris.mini.pw.edu.pl on Wed, Dec 20, 2000 at 08:26:08PM +0100 Sender: cdf.lists@fxp.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Dec 20, 2000 at 08:26:08PM +0100, Slawek Zak wrote: > Has SSH in 4.2-RELEASE been updated to prevent the latest attack > (unauthorized agent and X11 connection forwarding)? > Yes, OpenSSH was patched on 2000-11-14 (before FreeBSD 4.2 was released). See http://www.FreeBSD.org/cgi/cvsweb.cgi/src/crypto/openssh/clientloop.c for more details. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message