Date: Sat, 11 Nov 2000 15:05:03 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: John F Cuzzola <vdrifter@ocis.ocis.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: SSH Message-ID: <20001111150503.A50871@citusc17.usc.edu> In-Reply-To: <Pine.LNX.4.21.0011111447120.16981-100000@ocis.ocis.net>; from vdrifter@ocis.ocis.net on Sat, Nov 11, 2000 at 02:53:01PM -0800 References: <Pine.LNX.4.21.0011111447120.16981-100000@ocis.ocis.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Nov 11, 2000 at 02:53:01PM -0800, John F Cuzzola wrote: >=20 > Hello Everyone, > I've noticed recently that the latest releases of FreeBSD have SSH running > out-of-the-box. I would like to upgrade previous FreeBSD boxes from SSH > 1.2x to a later copy that supports SSH protocol 1 & 2. I hear the SSH-1.2x > series may have a buffer overflow problem. Where do I find in the ports > the SSH version that is currently in use? I see there is a ssh-1.2.27 > package but is this what's being installed now by default? is it OpenSSH > or other?=20 It's OpenSSH 2.2.0 in the base system. SSH 1.2.27 doesn't have any known security issues except for the endemic weaknesses in the protocol. Either SSH 2.x or OpenSSH talk the SSH2 protocols. Kris --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoN0J8ACgkQWry0BWjoQKUIZgCeIBjZyJQnIWSZInY7VrmhCCBz NmsAoOQHmCk/fuDvzd3BRMmS39jOUPY6 =AJBE -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001111150503.A50871>