From: Mark Peek
Date: Sun, 01 Oct 2006 15:10:50 -0700
To: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID: <45203CEA.90301@FreeBSD.org>
In-Reply-To: <200609302024.k8UKOjon073315@freefall.freebsd.org>

On 9/30/06 1:24 PM, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-06:22.openssh                                    Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          Multiple vulnerabilities in OpenSSH
>
> Category:       contrib
> Module:         openssh
> Announced:      2006-09-30
> Credits:        Tavis Ormandy, Mark Dowd
> Affects:        All FreeBSD releases.
> Corrected:      2006-09-30 19:50:57 UTC (RELENG_6, 6.2-PRERELEASE)
>                 2006-09-30 19:51:56 UTC (RELENG_6_1, 6.1-RELEASE-p10)
>                 2006-09-30 19:53:21 UTC (RELENG_6_0, 6.0-RELEASE-p15)
>                 2006-09-30 19:54:03 UTC (RELENG_5, 5.5-STABLE)
>                 2006-09-30 19:54:58 UTC (RELENG_5_5, 5.5-RELEASE-p8)
>                 2006-09-30 19:55:52 UTC (RELENG_5_4, 5.4-RELEASE-p22)
>                 2006-09-30 19:56:38 UTC (RELENG_5_3, 5.3-RELEASE-p37)
>                 2006-09-30 19:57:15 UTC (RELENG_4, 4.11-STABLE)
>                 2006-09-30 19:58:07 UTC (RELENG_4_11, 4.11-RELEASE-p25)
> CVE Name:       CVE-2006-4924, CVE-2006-5051
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit .
>
> I.   Background
>
> OpenSSH is an implementation of the SSH protocol suite, providing an
> encrypted, authenticated transport for a variety of services,
> including remote shell access.

>snip<

BTW, the patches for this advisory appear to also need a patch to add
log.c into src/secure/usr.sbin/sshd/Makefile.

Mark