Subject: upgrade openssh to 3.3, or 3.2.1 + privilege separation
To: None <netbsd-announce>
From: None <>
List: current-users
Date: 06/25/2002 11:29:49
	there was an annoucement of openssh security problem.  full fix will
	be available next week, and until that, it is advised to run
	openssh daemon (sshd) with privilege separation enabled.

	here are advice to various versions of NetBSD users.

	1.4/1.5 users - use pkgsrc as described below
	1.6_BETAx users - openssh shipped with 1.6_BETAx 3.2.1, with
		privilege separation enabled.  it should be safe enough
	current users - openssh shipped with current is 3.3, with
		privilege separation enabled.  it should be safe enough


------- Forwarded Message

	by (Postfix) with SMTP id 5ECE84B24
	for <>; Tue, 25 Jun 2002 11:15:04 +0900 (JST)
  by with SMTP; 25 Jun 2002 02:14:28 -0000
	by (Postfix) with ESMTP
	id 2E95F4B25; Tue, 25 Jun 2002 11:14:26 +0900 (JST)
In-reply-to: ibarra's message of Mon, 24 Jun 2002 21:34:34 -0400.
Subject: Re: OpenSSH Priv Sep and Remote Exploit? 
Date: Tue, 25 Jun 2002 11:14:26 +0900
Message-Id: <>

	users of NetBSD 1.4 and 1.5 are strongly recommended to upgrade
	openssh by using pkgsrc, namely pkgsrc/security/openssh/Makefile
	revision 1.73 (openssh-


------- End of Forwarded Message