Re: FreeBSD Security Advisory FreeBSD-SA-01:24.ssh

From: The Hermit Hacker (scrappy@hub.org)
Date: 02/14/01


Date: Wed, 14 Feb 2001 15:50:02 -0400 (AST)
From: The Hermit Hacker <scrappy@hub.org>
To: Nate Williams <nate@yogotech.com>

On Wed, 14 Feb 2001, Nate Williams wrote:

> > > > OpenSSH is installed if you chose to install the 'crypto' distribution
> > > > at install-time or when compiling from source, and is installed and
> > > > enabled by default as of FreeBSD 4.1.1-RELEASE. By default SSH1
> > > > protocol support is enabled.
> > >
> > > Excuse me pointing to a similar point in the last few advisories,
> > > but, again, for some reason earlier releases 4.0 and 4.1 are forgotten.
> > > While the advisory includes those releases in the list
> > > of vulnerable systems, the paragraph quoted above tells that
> > > OpenSSH is installed as of FreeBSD 4.1.1-RELEASE.
> > > However, I see that 4.0-RELEASE had OpenSSH-1.2.2
> > > and it is, according to the quote below, vulnerable.
> >
> > If you look at http://www.freebsd.org/security we only claim to
> > provide security support for the most recent version of FreeBSD
> > (4.2-RELEASE) and after.
>
> I agree that 'support' is one thing, but at least mentioning which
> releases are affected by this bug would be good.
>
> Most of the other vendors list all of their 'affected' releases as being
> affected or not, and since most of the deployed FreeBSD systems are
> *NOT* running 4.2R, this is of great benefit to the users.

If nothing else, by listing anything before 4.2R as *being* vulnerable, but
unsupported, you give ppl one more incentive to dive into upgrading ...
