Skip to main content


Security vendor demanding I install servers in my network running out of date FreeBSD which can't be updated and RCEs in SSH

I really wish there was a compliance framework these types needed to follow

@The Psychotic Network Ferret I think it's so they don't need to tell me it's FreeBSD.

They also tell me to use the IP address on eth1 and the server *is FreeBSD*.

It's 11.4 so it's not dire - but it looks like they haven't updated it ever. I tried a poke at pkg and they don't have their own repo so the repo is just gone. And yes, the SSH is 8.4 from 2022.