there was an annoucement of openssh security problem.  full fix will
	be available next week, and until that, it is advised to run
	openssh daemon (sshd) with privilege separation enabled.

	here are advice to various versions of NetBSD users.

	1.4/1.5 users - use pkgsrc as described below
	1.6_BETAx users - openssh shipped with 1.6_BETAx 3.2.1, with
		privilege separation enabled.  it should be safe enough
	current users - openssh shipped with current is 3.3, with
		privilege separation enabled.  it should be safe enough

itojun


------- Forwarded Message

	by coconut.itojun.org (Postfix) with SMTP id 5ECE84B24
	for <itojun@itojun.org>; Tue, 25 Jun 2002 11:15:04 +0900 (JST)
  by mail.netbsd.org with SMTP; 25 Jun 2002 02:14:28 -0000
	by coconut.itojun.org (Postfix) with ESMTP
	id 2E95F4B25; Tue, 25 Jun 2002 11:14:26 +0900 (JST)
To: tech-pkg@netbsd.org, tech-security@netbsd.org
In-reply-to: ibarra's message of Mon, 24 Jun 2002 21:34:34 -0400.
      <1024968874.3d17c8aac4858@webmail.hawk.com> 
Subject: Re: OpenSSH Priv Sep and Remote Exploit? 
From: itojun@iijlab.net
Date: Tue, 25 Jun 2002 11:14:26 +0900
Message-Id: <20020625021426.2E95F4B25@coconut.itojun.org>
Sender: tech-security-owner@netbsd.org

	users of NetBSD 1.4 and 1.5 are strongly recommended to upgrade
	openssh by using pkgsrc, namely pkgsrc/security/openssh/Makefile
	revision 1.73 (openssh-3.3.0.1).

itojun

------- End of Forwarded Message