OpenSSH buffer management error - Upgrade help

Hello there I was wondering if someone could point me into the correct direction.

I would like to update my system in responce to the Advisory on the Opens SSH buffer management error. and would liek to know which option to use in the upgrade.

I am currently running:-

FreeBSD my.host.com 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Tue Jun 3 15:31:21 CST 2003 root@my.host.com:/usr/src/sys/compile/NEWSERVE
R i386

Open ssh is:-
Server
sshd version OpenSSH_3.4p1 FreeBSD-20020702

Client
OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090607f

Open SSH was installed as the base install at time of system installation.

If I can help it I do not want to upgrade the whole system as it is running as a web server, and other applications are running on it, all I would prefer to be able to do is to apply the patch.

is it safe to just apply the patch in this case? as shown in the following choices from the advisory email:-

1) Upgrade your vulnerable system to 4-STABLE or to the RELENG_5_1,
RELENG_4_8, or RELENG_4_7 security branch dated after
the correction date (5.1-RELEASE-p3, 4.8-RELEASE-p5, or
4.7-RELEASE-p15, respectively).

2) FreeBSD systems prior to the correction date:

The following patches have been verified to apply to FreeBSD 4.x and
FreeBSD 5.x systems prior to the correction date.

Download the appropriate patch and detached PGP signature from the following
locations, and verify the signature using your PGP utility.

[FreeBSD 4.3 and 4.4]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/C.../buffer44.patch
# fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/C...fer44.patch.asc

[FreeBSD 4.5]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/C.../buffer45.patch
# fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/C...fer45.patch.asc

[FreeBSD 4.6 and later, FreeBSD 5.0 and later]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/C.../buffer46.patch
# fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/C...fer46.patch.asc

Execute the following commands as root:

# cd /usr/src
# patch < /path/to/sshd.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all install
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install
# cd /usr/src/secure/usr.bin/ssh
# make depend && make all install

Be sure to restart `sshd' after updating.

# kill `cat /var/run/sshd.pid`
# /usr/sbin/sshd

If someone could shed a little bit of light on this for me it would be greatly appreciated.

Well, I usually make world to upgrade my systems, which you indicated you didn't want to do, and I can understand... the first couple times I did it it was a little unnerving to say the least, but once I got the hang of it, it was apiece of cake.

As for you, the patch instructions they give are pretty decent, and following them should get you the results you're looking for without needing to rebuild the whole system.

Just make sure the patch applies cleanly - it will give you good output telling you if it failed. As long as the patch applies cleanly, do the makes, and you'll be all set. If any SSH connections are open before/during the update, you'll probably have to restart the sshd deamon, or at least reconnect your sessions, but you should be OK.

-Gary