Subject: Re: How to update to the latest OpenSSH?
To: Manuel Bouyer <>
From: Paul Hoffman <>
List: tech-security
Date: 12/04/2001 11:05:14
At 7:57 PM +0100 12/4/01, Manuel Bouyer wrote:
>On Tue, Dec 04, 2001 at 08:45:43AM -0800, Paul Hoffman wrote:
>>  Greetings again. I'm running a stock 1.5.1 (not using -current). My
>>  sshd reports itself as:
>>  sshd version OpenSSH_2.5.1 NetBSD_Secure_Shell-20010219
>>  So, here's a bunch of questions.
>>  How do I upgrade it to the latest version that has the security bug
>>  fixes in it? The current version seems to be 3.0.2, so I don't
>>  imagine that I can do a simple patch in /usr/src.
>What's the problem with the 1.5.1 sshd ?

There is a security flaw that has been widely announced this morning. 
I have worked around the flaw, but the question remains on how to 
upgrade in a way that won't get lost later.

>Maybe you could just grab the 1.5.2 sources and compile from here ?

I don't think the new version is in the 1.5.2 sources have the newest 
version, which came out in the last few days.