This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: [ANNOUNCEMENT] [1.7] Updated: OpenSSH-5.2p1-1


On Feb 26 10:39, Frank Fesevur wrote:
> 2009/2/26 Corinna Vinschen:
> > On Feb 25 16:12, Frank Fesevur wrote:
> >> Since this is a security fix, will there be a 1.5 update as well?
> >
> > Well, actually I have no intention to update 1.5.x packages anymore.
> 
> I understand you want us to start using 1.7, but in the announcement
> of 1.7.0-41 you write in capitals:
> 
> ====================================================================
> THIS IS STILL A TEST RELEASE.  DON'T USE IN PRODUCTION ENVIRONMENTS.
> ====================================================================
> 
> So I didn't install 1.7 on our server, but apparently now it has a
> security problem.

You can work around the problem in 5.1p1 by specifying the "Ciphers"
option in sshd_config, like this:

  Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour

This disables the CBC ciphers which are mentioned in the advisory.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
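
An added example, not part of the message above or of the Cygwin or OpenSSH projects: a Python check for whether an sshd_config actually applies the Ciphers workaround. The function names and sample configs are constructed, and it assumes a plain comma-separated Ciphers list as shown in the message.

```python
import re

# Keyword, optional '=', then the argument; sshd_config keywords are case-insensitive.
_DIRECTIVE = re.compile(r"^\s*(\w+)(?:\s*=\s*|\s+)(.*?)\s*$")

def effective_ciphers(config_text):
    """Return the list from the first global Ciphers line, or None if absent."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip('"')
        if keyword == "match":
            break                            # Ciphers is only valid before any Match block
        if keyword == "ciphers":
            # sshd keeps the first value it reads for a keyword
            return [c.strip() for c in value.split(",") if c.strip()]
    return None

def audit_ciphers(config_text):
    """Classify a config as 'unset', 'cbc-enabled' or 'ok', with the CBC names found."""
    ciphers = effective_ciphers(config_text)
    if ciphers is None:
        return "unset", []                   # built-in defaults apply, workaround not in place
    cbc = [c for c in ciphers if "-cbc" in c]
    return ("cbc-enabled", cbc) if cbc else ("ok", [])

# Constructed sample configs, not taken from any real host.
WORKAROUND = """\
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
"""
MIXED = """\
# Ciphers aes128-ctr
ciphers = aes128-ctr,aes128-cbc,3des-cbc
Ciphers aes128-ctr
"""
NO_DIRECTIVE = "Port 22\nPermitRootLogin no\n"

if __name__ == "__main__":
    for name, text in [("workaround", WORKAROUND), ("mixed", MIXED), ("none", NO_DIRECTIVE)]:
        print(name, audit_ciphers(text))
```

The MIXED sample shows why a later, stricter Ciphers line does not help: the first uncommented one is the one that takes effect.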
