On Feb 26 10:39, Frank Fesevur wrote: > 2009/2/26 Corinna Vinschen: > > On Feb 25 16:12, Frank Fesevur wrote: > >> Since this is a security fix, will there be a 1.5 update as well? > > > > Well, actually I have no intention to update 1.5.x packages anymore. > > I understand you want us to start using 1.7, but in the announcement > of 1.7.0-41 you write in capitals: > > ==================================================================== > THIS IS STILL A TEST RELEASE. DON'T USE IN PRODUCTION ENVIRONMENTS. > ==================================================================== > > So I didn't install 1.7 on our server, but apparently now it has a > security problem.
You can workaround the problem in 5.1p1 by specifying the "Ciphers" option in sshd_config, like this: Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour This disables thr CBC ciphers which are mentioned in the advisory. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
