Re: updating system version of OpenSSH
wo_shi_big_stomach [EMAIL PROTECTED] writes:

> Phil Schulz wrote:
>
> > If you can't afford to upgrade the base OS and you do not want to
> > install OpenSSH from the ports
>
> Sorry, I wasn't clear. I have no problem installing or upgrading
> OpenSSH from ports. Indeed, that's all I know how to do.

It's generally the best option for people who need to upgrade to the latest version string, such as for satisfying corporate security experts. Beyond that, the only real use of ports upgrades is for people who insist on staying with older base versions.

> My question is how to upgrade OpenSSH as included with 5.2.1. If a
> ports install will do this, great.

It will.

> The more general question is how to upgrade system software,
> especially in cases where it's not included in the ports collection.

There are several answers, but the usual one is to update the entire base system. FreeBSD is designed to be a complete operating system, rather than to be updated piecemeal; the advantage is that you don't have to worry about dependencies between the pieces, but the disadvantage is that, well, you have to update everything at once. In the case of people still running 5.2.1, I'd definitely recommend updating the whole thing -- after all, 5.2.1 wasn't recommended for production use at the time it was released, and 5.3 was.

Another answer is the FreeBSD-update port (security/freebsd-update), but it doesn't support custom kernels.

If you're updating because of a security problem that had a security advisory issued for it, then the advisory will generally include patches and directions for applying and building them. Doing this for arbitrary sets of code updates is usually possible, but difficult for anyone who doesn't have developer-level understanding of source code control.

Good luck.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: updating system version of OpenSSH
Phil Schulz wrote:

> If you can't afford to upgrade the base OS and you do not want to
> install OpenSSH from the ports

Sorry, I wasn't clear. I have no problem installing or upgrading OpenSSH from ports. Indeed, that's all I know how to do.

My question is how to upgrade OpenSSH as included with 5.2.1. If a ports install will do this, great.

The more general question is how to upgrade system software, especially in cases where it's not included in the ports collection.

--- [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> Someone please correct me if I'm wrong on this but I believe
> rkhunter is just checking the version 3.6.1 and doesn't account for
> the 'p1' part which refers to a FBSD patch that corrected the
> vulnerability rkhunter is referring to. IOW, I don't think you need
> to update ssh on 5.2.1 if your motive is merely that rkhunter
> flagged it.

OK, that's a relief, thanks. Same question holds, though. If some system software is actually vulnerable, what's the procedure to update it?

thanks

/wsbs
updating system version of OpenSSH
What is the procedure for patching/updating system version of OpenSSH on an FBSD 5.2.1 box?

I used the excellent Rootkit Hunter security assessment tool:

http://www.rootkit.nl/projects/rootkit_hunter.html

and it found that I'm running OpenSSH 3.6.1p1, which has at least one vulnerability.

I only know how to install/upgrade from ports. OpenSSH is part of the ports collection, but the build I'm running was included with the OS.

What's the right way to proceed here?

thanks

/wsbs
Re: updating system version of OpenSSH
On 02/25/05 20:55, David Newman wrote:

> What is the procedure for patching/updating system version of
> OpenSSH on an FBSD 5.2.1 box?

If you can't afford to upgrade the base OS and you do not want to install OpenSSH from the ports, then you'll need to specify what vulnerability you are talking about.

I checked the FreeBSD security advisories which *could* apply to your problem and it seems that FreeBSD-SA-04:05.openssl is the one you might be talking about. A patch is included with the advisory along with instructions on how to apply the patch and fix the issue.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc

Regards,

Phil.

> I used the excellent Rootkit Hunter security assessment tool:
>
> http://www.rootkit.nl/projects/rootkit_hunter.html
>
> and it found that I'm running OpenSSH 3.6.1p1, which has at least
> one vulnerability.
>
> I only know how to install/upgrade from ports. OpenSSH is part of
> the ports collection, but the build I'm running was included with
> the OS.
>
> What's the right way to proceed here?
>
> thanks
>
> /wsbs
Re: updating system version of OpenSSH
David Newman wrote:

> What is the procedure for patching/updating system version of
> OpenSSH on an FBSD 5.2.1 box?
>
> I used the excellent Rootkit Hunter security assessment tool:
>
> http://www.rootkit.nl/projects/rootkit_hunter.html
>
> and it found that I'm running OpenSSH 3.6.1p1, which has at least
> one vulnerability.
>
> I only know how to install/upgrade from ports. OpenSSH is part of
> the ports collection, but the build I'm running was included with
> the OS.
>
> What's the right way to proceed here?
>
> thanks

Someone please correct me if I'm wrong on this but I believe rkhunter is just checking the version 3.6.1 and doesn't account for the 'p1' part which refers to a FBSD patch that corrected the vulnerability rkhunter is referring to. IOW, I don't think you need to update ssh on 5.2.1 if your motive is merely that rkhunter flagged it.

To be sure, check the older security advisories at freebsd.org and I bet you'll find a reference to it.

G