Date: Tue, 25 Jun 2002 02:33:51 -0700 From: Doug Barton <DougB@FreeBSD.org> To: mjacob@feral.com Cc: rwatson@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Upcoming OpenSSH vulnerability (fwd) Message-ID: <3D1838FF.DE572927@FreeBSD.org> References: <Pine.BSF.4.21.0206242142300.86665-100000@beppo>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Jacob wrote: > > Despite DES's claim that Theo is too hard to work with, perhaps somebody who > understands the issues could see where FreeBSD stands wrt this. We are replacing the openssh version in -current with the latest version of openssh-portable, and enabling privsep by default. I am unsure of the plans to import that into -stable, however you have essentially the same capability to do the upgrade on your -stable system through the ports. The project does not take a stand on how third parties disclose bugs. Neither is that subject on topic for this list. The options available to you have been well documented at this point: 1. Turn off openssh, and/or replace it with another product. 2. Upgrade to the privsep code and hope it makes things better. Personally I think 2 is a reasonable option, but if you don't like it, 1 is still available. Hope this helps, Doug To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D1838FF.DE572927>