On Wed, 16 Mar 2011 14:35:09 +0000 Matthew Seaman <m.sea...@infracaninophile.co.uk> articulated:
> On 16/03/2011 13:38, Carmel wrote: > > I was just wondering about the version of SSH used on FreeBSD. > > > > According to the OpenSSH page: > > > > OpenSSH 5.8/5.8p1 released February 4, 2011 [contains security fix] > > > > Now, according to my system, FreeBSD-8.2, I have this version: > > > > OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010 > > > > # openssl version > > OpenSSL 1.0.0d 8 Feb 2011 > > > > So why is an older version shown? Also, when does the FreeBSD > > team intend to update the system OpenSSH version? > > > > I have the following notation in my /etc/make.conf file: > > > > WITH_OPENSSL_PORT=yes > > > > Should I have something else also? I have FreeBSD 8.2-STABLE > > installed. > > > > The version of OpenSSH shipped with any release of the OS is > exceedingly unlikely to be updated within the lifetime of that > release. Not unless there was a killer problem, and it turned out > easier to update the whole shebang rather than just patching the > problem. > > Why wasn't OpenSSH updated in stable/8 before 8.2-RELEASE? Good > question. I don't actually know. It's quite possible that no one had > sufficient spare cycles to do the work required, and that the changes > between 5.4 and 5.8 were not sufficiently compelling for anyone to > make the time. OK, then does that mean that the latest version will be used in the still not released 9 version of FreeBSD? > As for security vulnerabilities: did you check on the OpenSSH site? > The vulnerability fixed in 5.8 (information leak in signed SSH keys) > only applies to versions 5.6 and 5.7 -- that's because the whole > 'signed key' thing isn't in version 5.4 at all. No, all I did was check for the current version. > I can tell you that the FreeBSD Security Team is extremely efficient > and would have had patches and security advisories out for this > problem within a matter of hours of the OpenSSH announcement *if it > had been relevant*. -- Carmel carmel...@hotmail.com _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"