From owner-freebsd-questions@FreeBSD.ORG Mon May 24 14:08:11 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 00D0E16A4CE for ; Mon, 24 May 2004 14:08:11 -0700 (PDT) Received: from kheops.speedy.net.pe (kheops.speedy.net.pe [200.48.172.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 842D543D45 for ; Mon, 24 May 2004 14:08:09 -0700 (PDT) (envelope-from rcc@speedy.net.pe) Received: from kheops.speedy.net.pe (kheops.speedy.net.pe [200.48.172.40]) by kheops.speedy.net.pe (Postfix) with ESMTP id 117AC26218 for ; Mon, 24 May 2004 16:12:33 -0500 (PET) Date: Mon, 24 May 2004 16:12:33 -0500 (PET) From: Richard Cotrina To: freebsd-questions@freebsd.org In-Reply-To: Message-ID: <20040524160844.D23535@kheops.speedy.net.pe> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: RE: freebsd 5.2.1 openssh hole X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 May 2004 21:08:11 -0000 Take a look at /usr/ports/security/openssh-portable There's the latest openssh port (3.8.1p1) On Mon, 24 May 2004, JJB wrote: > Send email to FBSD OpenSSH port maintainer and tell then the port is > out of date. > > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Thomas May > Sent: Monday, May 24, 2004 3:23 PM > To: freebsd-questions@FreeBSD.org > Subject: freebsd 5.2.1 openssh hole > > Hi, > > > > i have installed the new version 5.2.1 and the ports collection from > yesterday. i have checked the server > > with nessus and I got a security hole warning. > > > > You are running a version of OpenSSH which is older than 3.7.1 > > > > Versions older than 3.7.1 are vulnerable to a flaw in the buffer > management > > functions which might allow an attacker to execute arbitrary > commands on > this > > host. > > > > What can I do ? I have installed openssl from the ports tree, but I > got the > same error. > > > > > > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004 > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >