| version 1.15, 2016/02/02 02:19:31 |
version 1.16, 2016/02/03 14:58:49 |
|
|
| <ul> |
<ul> |
| <li>Security: |
<li>Security: |
| <ul> |
<ul> |
| <li>... |
<li>Qualys Security identified vulnerabilities in the |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
| |
client experimential support for resuming SSH-connections (roaming). |
| |
In the default configuration, this could potentially leak client keys |
| |
to a hostile server. The authentication of the server host key |
| |
prevents exploitation by a man-in-the-middle, so this information leak |
| |
is restricted to connections to malicious or compromised servers. |
| |
This feature has been disabled in the |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
| |
client, and it has been removed from the source tree. The matching |
| |
server code has never been shipped. |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: |
| |
OpenSSH 7.0 contained a logic error in |
| |
<tt>PermitRootLogin=prohibit-password/without-password</tt> that could, |
| |
depending on compile-time configuration, permit password authentication |
| |
to root while preventing other forms of authentication. |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: |
| |
<li>Eliminate the fallback from untrusted X11-forwarding to trusted |
| |
forwarding for cases when the X server disables the <tt>SECURITY</tt> |
| |
extension. |
| |
<li>Fix an out of-bound read access in the packet handling code. |
| |
<li>Further use of explicit_bzero has been added in various buffer |
| |
handling code paths to guard against compilers aggressively doing |
| |
dead-store removal. |
| </ul> |
</ul> |
| <li>Potentially-incompatible changes: |
|
| <ul> |
|
| <li>... |
|
| </ul> |
|
| <li>New/changed features: |
|
| <ul> |
|
| <li>... |
|
| </ul> |
|
| <li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
| <ul> |
<ul> |
| <li>... |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: |
| |
add compatability workarounds for FuTTY. |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>, |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: |
| |
refine compatability workarounds for WinSCP. |
| |
<li>Fix a number of memory faults (double-free, free of uninitialised |
| |
memory, etc) in |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
| |
and |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>. |
| |
<li>Correctly interpret the 'first_kex_follows' option during the intial |
| |
key exchange. |
| </ul> |
</ul> |
| </ul> |
</ul> |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 59.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www