----- Original Message ----- From: "Jimmy Lim" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 02, 2002 8:30 AM Subject: [plug] Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution
> Anuerin G. Diaz writes: > > > > > hi, > > > > im currently downloading the 4.6 BSD iso images. does this mean that > > if the date of the md5sum file in the server im downloading was modified > > on or later than july 30 then the image might be compromised? or does > > the trojan only affect the individual openssh packages at the ftp sites? > > > > i know its probably a stupid question but i want to have confirmation. > > > > ciao! > > Hi Anuerin, > > I guess you need to redownload the install iso image of > FreeBSD-i386-4.6RC2.iso, after the release of FreeBSD-4.6-RELEASE, the > security officer of FreeBSD found so many bugs/vulnerabilities on the said > release, so the Release group decided to release the RC2 of iso found in > ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/4.6.1-RC2.iso. Try to > visit http://www.freebsd.org/security for more info. > > The Security officer said that the release version of openssh from the > stable version was not infected by the said trojan. Or if you already have tons of configuration on your currrent unix-like box, you can just cvsup using stable-supfile, make buildworld && make installworld. Then cvsup ports and compile the specific affected applications. Just my 2 cents. Do we have any mailing-list for *bsd? IIRC, fooler uses freebsd too :) Onie _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
