This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: [ANNOUNCEMENT] [1.7] Updated: OpenSSH-5.2p1-1
On Feb 26 10:39, Frank Fesevur wrote:
> 2009/2/26 Corinna Vinschen:
> > On Feb 25 16:12, Frank Fesevur wrote:
> >> Since this is a security fix, will there be a 1.5 update as well?
> >
> > Well, actually I have no intention to update 1.5.x packages anymore.
>
> I understand you want us to start using 1.7, but in the announcement
> of 1.7.0-41 you write in capitals:
>
> ====================================================================
> THIS IS STILL A TEST RELEASE. DON'T USE IN PRODUCTION ENVIRONMENTS.
> ====================================================================
>
> So I didn't install 1.7 on our server, but apparently now it has a
> security problem.
You can work around the problem in 5.1p1 by specifying the "Ciphers"
option in sshd_config, like this:

  Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour

This disables the CBC ciphers which are mentioned in the advisory.
Corinna
--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
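
Added example (not part of the original message, and not code from the Cygwin or OpenSSH projects): a small Python check that the "Ciphers" workaround described above is actually in effect in an sshd_config file. The function names and sample configurations are constructed for illustration, and it assumes an explicit cipher list as used by the 5.x versions discussed in this thread.

```python
import sys

def global_ciphers(config_text):
    """Return the value of the first global Ciphers line, or None if absent."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        # Keyword and argument are separated by whitespace or by one '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()                # keywords are case-insensitive
        if keyword == "match":                    # only look at the global section
            break
        if keyword == "ciphers" and len(parts) == 2:
            return parts[1].strip().strip('"')    # sshd keeps the first value it reads
    return None

def audit(config_text):
    """Return (status, cbc_names) for the effective Ciphers setting."""
    value = global_ciphers(config_text)
    if value is None:
        return ("not-set", [])                    # workaround absent, defaults apply
    if value[0] in "+-^":
        return ("relative", [])                   # newer syntax that edits the default list
    names = [n.strip() for n in value.split(",") if n.strip()]
    # "-cbc" also catches names such as rijndael-cbc@lysator.liu.se
    cbc = [n for n in names if "-cbc" in n]
    return ("cbc-enabled" if cbc else "ok", cbc)

# Constructed sample configurations (not taken from any real host).
WORKAROUND = """# sample sshd_config
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
"""
MIXED = "ciphers=aes128-ctr,aes128-cbc,rijndael-cbc@lysator.liu.se\n"
UNSET = "#Ciphers aes128-ctr\nPort 22\n"
SHADOWED = "Ciphers 3des-cbc\nCiphers aes128-ctr\n"

if __name__ == "__main__":
    # Usage: python check_ciphers.py /etc/sshd_config  (path is an assumption)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = WORKAROUND
    status, cbc = audit(text)
    print(status, ",".join(cbc))
    sys.exit(0 if status == "ok" else 1)
```

A "not-set" result means no Ciphers line was found, so the workaround is not applied; a later Ciphers line does not override an earlier one, which is why the SHADOWED sample is still reported as "cbc-enabled".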