~*ONIE*~ writes: > ----- Original Message ----- > From: "Jimmy Lim" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, August 02, 2002 8:30 AM > Subject: [plug] Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH > Distribution > > >> Anuerin G. Diaz writes: >> >> > >> > hi, >> > >> > im currently downloading the 4.6 BSD iso images. does this mean that >> > if the date of the md5sum file in the server im downloading was modified >> > on or later than july 30 then the image might be compromised? or does >> > the trojan only affect the individual openssh packages at the ftp sites? >> > >> > i know its probably a stupid question but i want to have confirmation. >> > >> > ciao! >> >> Hi Anuerin, >> >> I guess you need to redownload the install iso image of >> FreeBSD-i386-4.6RC2.iso, after the release of FreeBSD-4.6-RELEASE, the >> security officer of FreeBSD found so many bugs/vulnerabilities on the said >> release, so the Release group decided to release the RC2 of iso found in >> ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/4.6.1-RC2.iso. Try to >> visit http://www.freebsd.org/security for more info. >> >> The Security officer said that the release version of openssh from the >> stable version was not infected by the said trojan. > > Or if you already have tons of configuration on your currrent unix-like box, > you can > just cvsup using stable-supfile, make buildworld && make installworld. Then > cvsup ports and compile the specific affected applications. > > Just my 2 cents. > > Do we have any mailing-list for *bsd? IIRC, fooler uses freebsd too :) > Stability is one of the objective of FreeBSD community, therefore, even without decent Internet connection your freebsd version must be free from bugs.
Yes there's a local freebsd mailing list at yahoogroups http://groups.yahoo.com/group/ph-freebsd/. regards, Jimmy Lim Operation & Support Team Leader Tricom DISCLAIMER: Any views expressed herein belong to the employee and do not necessarily reflect the official position of Tricom. Privileged or confidential information may be contained in this message. If you are not the intended recipient (or the person responsible for delivery to such person), you may not copy or deliver this message to anyone. In such a case, you should destroy this message and kindly notify the sender by reply email. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
