===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -c -r1.15 -r1.16
*** www/59.html 2016/02/02 02:19:31 1.15
--- www/59.html 2016/02/03 14:58:49 1.16
***************
*** 128,146 ****
- Security:
-
- Potentially-incompatible changes:
-
-
- New/changed features:
-
- The following significant bugs have been fixed in this release:
--- 128,173 ----
- Security:
! - Qualys Security identified vulnerabilities in the
! ssh(1)
! client experimential support for resuming SSH-connections (roaming).
! In the default configuration, this could potentially leak client keys
! to a hostile server. The authentication of the server host key
! prevents exploitation by a man-in-the-middle, so this information leak
! is restricted to connections to malicious or compromised servers.
! This feature has been disabled in the
! ssh(1)
! client, and it has been removed from the source tree. The matching
! server code has never been shipped.
!
- sshd(8):
! OpenSSH 7.0 contained a logic error in
! PermitRootLogin=prohibit-password/without-password that could,
! depending on compile-time configuration, permit password authentication
! to root while preventing other forms of authentication.
!
- ssh(1):
!
- Eliminate the fallback from untrusted X11-forwarding to trusted
! forwarding for cases when the X server disables the SECURITY
! extension.
!
- Fix an out of-bound read access in the packet handling code.
!
- Further use of explicit_bzero has been added in various buffer
! handling code paths to guard against compilers aggressively doing
! dead-store removal.
- The following significant bugs have been fixed in this release:
! - ssh(1),
! sshd(8):
! add compatability workarounds for FuTTY.
!
- ssh(1),
! sshd(8):
! refine compatability workarounds for WinSCP.
!
- Fix a number of memory faults (double-free, free of uninitialised
! memory, etc) in
! ssh(1)
! and
! ssh-keygen(1).
!
- Correctly interpret the 'first_kex_follows' option during the intial
! key exchange.