Attack Discovered Against SSH - is FreeBSD vulnerable?

[ikevin8me]

I have a concern about the recent news regarding the newly discovered SSH attacks, when "ChaCha20-Poly1305" or "CBC with Encrypt-then-MAC" is used. So, if we set up a server (sshd) or using it as a client (ssh) as default, would this vulnerability be relevant?

 

[SirDice]

Just update, don't take any risks.

https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

Issue is fixed in 13.2-RELEASE-p9 and 14.0-RELEASE-p4.

 

[ikevin8me]

Alright, GREAT! So, there is no concern if I'm using 13.2-RELEASE-p9 and 14.0-RELEASE-p4. Thanks!