From owner-freebsd-security  Wed Jun 26  6:33:29 2002
Delivered-To: freebsd-security@freebsd.org
Received: from crimelords.org (crimelords.org [199.233.213.8])
	by hub.freebsd.org (Postfix) with ESMTP id A43B837B405
	for <freebsd-security@FreeBSD.ORG>; Wed, 26 Jun 2002 06:33:25 -0700 (PDT)
Received: from localhost (admin@localhost)
	by crimelords.org (8.11.6/8.11.6) with ESMTP id g5QDVkC61113
	for <freebsd-security@FreeBSD.ORG>; Wed, 26 Jun 2002 08:31:46 -0500 (CDT)
	(envelope-from admin@crimelords.org)
Date: Wed, 26 Jun 2002 08:31:46 -0500 (CDT)
From: admin <admin@crimelords.org>
To: freebsd-security@FreeBSD.ORG
Subject: OpenSSH vulnerability
Message-ID: <Pine.BSF.4.44.0206260830230.61072-100000@crimelords.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I'm on this list, but haven't seen ANY email the past few days, so I'm
going to post this to see if I even get it.  I'm sure I was accidently
removed or something, and will figure that out shortly.

http://www.openssh.com

A yet undisclosed vulnerability exists in OpenSSH. You are strongly
encouraged to upgrade immediately to OpenSSH 3.3 with the
UsePrivilegeSeparation option enabled. Privilege Separation blocks this
problem. Keep an eye out for the upcoming OpenSSH 3.4 release on Monday
that fixes the vulnerability itself.

ports updated yet?

-emacs


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message