X-Recipient: archive-cygwin@delorie.com
X-Spam-Check-By: sourceware.org
Date: Thu, 26 Feb 2009 11:36:43 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] [1.7] Updated: OpenSSH-5.2p1-1
Message-ID: <20090226103643.GV18319@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <announce.20090225140457.GI18319@calimero.vinschen.de> <17f020130902250712h426d233bofa68d3504689702d@mail.gmail.com> <20090226091207.GT18319@calimero.vinschen.de> <17f020130902260139h29e57c5area85ef624dc5377e@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <17f020130902260139h29e57c5area85ef624dc5377e@mail.gmail.com>
User-Agent: Mutt/1.5.19 (2009-02-20)
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On Feb 26 10:39, Frank Fesevur wrote:
> 2009/2/26 Corinna Vinschen:
> > On Feb 25 16:12, Frank Fesevur wrote:
> >> Since this is a security fix, will there be a 1.5 update as well?
> >
> > Well, actually I have no intention to update 1.5.x packages anymore.
> 
> I understand you want us to start using 1.7, but in the announcement
> of 1.7.0-41 you write in capitals:
> 
> ====================================================================
> THIS IS STILL A TEST RELEASE.  DON'T USE IN PRODUCTION ENVIRONMENTS.
> ====================================================================
> 
> So I didn't install 1.7 on our server, but apparently now it has a
> security problem.

You can workaround the problem in 5.1p1 by specifying the "Ciphers"
option in sshd_config, like this:

  Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour

This disables thr CBC ciphers which are mentioned in the advisory.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/