===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/61.html,v
retrieving revision 1.78
retrieving revision 1.79
diff -c -r1.78 -r1.79
*** www/61.html	2017/04/07 17:38:52	1.78
--- www/61.html	2017/04/08 14:53:35	1.79
***************
*** 497,503 ****
  
  <li>OpenSSH 7.4
      <ul>
!     <li>...
      </ul>
  <p>
  
--- 497,720 ----
  
  <li>OpenSSH 7.4
      <ul>
!     <li>Security:
!       <ul>
!       <li>ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
!           outside a trusted whitelist (run-time configurable). Requests to
!           load modules could be passed via agent forwarding and an attacker
!           could attempt to load a hostile PKCS#11 module across the forwarded
!           agent channel: PKCS#11 modules are shared libraries, so this would
!           result in code execution on the system running the ssh-agent if the
!           attacker has control of the forwarded agent-socket (on the host
!           running the sshd server) and the ability to write to the filesystem
!           of the host running ssh-agent (usually the host running the ssh
!           client).
!       <li>sshd(8): When privilege separation is disabled, forwarded Unix-
!           domain sockets would be created by sshd(8) with the privileges of
!           'root' instead of the authenticated user. This release refuses
!           Unix-domain socket forwarding when privilege separation is disabled
!           (Privilege separation has been enabled by default for 14 years).
!       <li>sshd(8): Avoid theoretical leak of host private key material to
!           privilege-separated child processes via realloc() when reading
!           keys. No such leak was observed in practice for normal-sized keys,
!           nor does a leak to the child processes directly expose key material
!           to unprivileged users.
!       <li>sshd(8): The shared memory manager used by pre-authentication
!           compression support had a bounds checks that could be elided by
!           some optimising compilers. Additionally, this memory manager was
!           incorrectly accessible when pre-authentication compression was
!           disabled. This could potentially allow attacks against the
!           privileged monitor process from the sandboxed privilege-separation
!           process (a compromise of the latter would be required first).
!           This release removes support for pre-authentication compression
!           from sshd(8).
!       <li>sshd(8): Fix denial-of-service condition where an attacker who
!           sends multiple KEXINIT messages may consume up to 128MB per
!           connection.
!       <li>sshd(8): Validate address ranges for AllowUser and DenyUsers
!           directives at configuration load time and refuse to accept invalid
!           ones. It was previously possible to specify invalid CIDR address
!           ranges (e.g. user@127.1.2.3/55) and these would always match,
!           possibly resulting in granting access where it was not intended.
!       <li>ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
!           that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
!       <li>sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
!           a recursive file transfer could be maniuplated by a hostile server to
!           perform a path-traversal attack. creating or modifying files outside
!           of the intended target directory.
!       </ul>
!     <li>New/changed features:
!       <ul>
!       <li>Server support for the SSH v.1 protocol has been removed.
!       <li>ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
!           block ciphers are not safe in 2016 and we don't want to wait until
!           attacks like SWEET32 are extended to SSH. As 3des-cbc was the
!           only mandatory cipher in the SSH RFCs, this may cause problems
!           connecting to older devices using the default configuration,
!           but it's highly likely that such devices already need explicit
!           configuration for key exchange and hostkey algorithms already
!           anyway.
!       <li>sshd(8): Remove support for pre-authentication compression.
!           Doing compression early in the protocol probably seemed reasonable
!           in the 1990s, but today it's clearly a bad idea in terms of both
!           cryptography (cf. multiple compression oracle attacks in TLS) and
!           attack surface. Pre-auth compression support has been disabled by
!           default for >10 years. Support remains in the client.
!       <li>ssh-agent will refuse to load PKCS#11 modules outside a whitelist
!           of trusted paths by default. The path whitelist may be specified
!           at run-time.
!       <li>sshd(8): When a forced-command appears in both a certificate and
!           an authorized keys/principals command= restriction, sshd will now
!           refuse to accept the certificate unless they are identical.
!           The previous (documented) behaviour of having the certificate
!           forced-command override the other could be a bit confusing and
!           error-prone.
!       <li>sshd(8): Remove the UseLogin configuration directive and support
!           for having /bin/login manage login sessions.
!       <li>ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the
!           version in PuTTY by Simon Tatham. This allows a multiplexing
!           client to communicate with the master process using a subset of
!           the SSH packet and channels protocol over a Unix-domain socket,
!           with the main process acting as a proxy that translates channel
!           IDs, etc.  This allows multiplexing mode to run on systems that
!           lack file- descriptor passing (used by current multiplexing
!           code) and potentially, in conjunction with Unix-domain socket
!           forwarding, with the client and multiplexing master process on
!           different machines. Multiplexing proxy mode may be invoked using
!           "ssh -O proxy ..."
!       <li>sshd(8): Add a sshd_config DisableForwarding option that disables
!           X11, agent, TCP, tunnel and Unix domain socket forwarding, as well
!           as anything else we might implement in the future. Like the
!           'restrict' authorized_keys flag, this is intended to be a simple
!           and future-proof way of restricting an account.
!       <li>sshd(8), ssh(1): Support the "curve25519-sha256" key exchange
!           method. This is identical to the currently-supported method named
!           "curve25519-sha256@libssh.org".
!       <li>sshd(8): Improve handling of SIGHUP by checking to see if sshd is
!           already daemonised at startup and skipping the call to daemon(3)
!           if it is. This ensures that a SIGHUP restart of sshd(8) will
!           retain the same process-ID as the initial execution. sshd(8) will
!           also now unlink the PidFile prior to SIGHUP restart and re-create
!           it after a successful restart, rather than leaving a stale file in
!           the case of a configuration error.
!       <li>sshd(8): Allow ClientAliveInterval and ClientAliveCountMax
!           directives to appear in sshd_config Match blocks.
!       <li>sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match
!           those supported by AuthorizedKeysCommand (key, key type,
!           fingerprint, etc.) and a few more to provide access to the
!           contents of the certificate being offered.
!       <li>Added regression tests for string matching, address matching and
!           string sanitisation functions.
!       <li>Improved the key exchange fuzzer harness.
!       <li>Deprecate the sshd_config UsePrivilegeSeparation
!           option, thereby making privilege separation mandatory. Privilege
!           separation has been on by default for almost 15 years and
!           sandboxing has been on by default for almost the last five.
!       <li>ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
!           algorithm lists, e.g. Ciphers=-*cbc.
!       </ul>
!     <li>The following significant bugs have been fixed in this release:
!       <ul>
!       <li>ssh(1): Allow IdentityFile to successfully load and use
!           certificates that have no corresponding bare public key.
!           certificate id_rsa-cert.pub (and no id_rsa.pub).
!       <li>ssh(1): Fix public key authentication when multiple
!           authentication is in use and publickey is not just the first
!           method attempted.
!       <li>ssh-agent(1), ssh(1): improve reporting when attempting to load
!           keys from PKCS#11 tokens with fewer useless log messages and more
!           detail in debug messages.
!       <li>ssh(1): When tearing down ControlMaster connections, don't
!           pollute stderr when LogLevel=quiet.
!       <li>sftp(1): On ^Z wait for underlying ssh(1) to suspend before
!           suspending sftp(1) to ensure that ssh(1) restores the terminal mode
!           correctly if suspended during a password prompt.
!       <li>ssh(1): Avoid busy-wait when ssh(1) is suspended during a password
!           prompt.
!       <li>ssh(1), sshd(8): Correctly report errors during sending of ext-
!           info messages.
!       <li>sshd(8): fix NULL-deref crash if sshd(8) received an out-of-
!           sequence NEWKEYS message.
!       <li>sshd(8): Correct list of supported signature algorithms sent in
!           the server-sig-algs extension.
!       <li>sshd(8): Fix sending ext_info message if privsep is disabled.
!       <li>sshd(8): more strictly enforce the expected ordering of privilege
!           separation monitor calls used for authentication and allow them
!           only when their respective authentication methods are enabled
!           in the configuration
!       <li>sshd(8): Fix uninitialised optlen in getsockopt() call; harmless
!           on Unix/BSD but potentially crashy on Cygwin.
!       <li>Fix false positive reports caused by explicit_bzero(3) not being
!           recognised as a memory initialiser when compiled with
!           -fsanitize-memory.
!       <li>sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for
!           configuration examples.
!       <li>sshd(1): Fix NULL dereference crash when key exchange start
!           messages are sent out of sequence.
!       <li>ssh(1), sshd(8): Allow form-feed characters to appear in
!           configuration files.
!       <li>sshd(8): Fix regression in OpenSSH 7.4 support for the
!           server-sig-algs extension, where SHA2 RSA signature methods were
!           not being correctly advertised.
!       <li>ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
!           known_hosts processing.
!       <li>ssh(1): Allow ssh to use certificates accompanied by a private key
!           file but no corresponding plain *.pub public key.
!       <li>ssh(1): When updating hostkeys using the UpdateHostKeys option,
!           accept RSA keys if HostkeyAlgorithms contains any RSA keytype.
!           Previously, ssh could ignore RSA keys when only the ssh-rsa-sha2-*
!           methods were enabled in HostkeyAlgorithms and not the old ssh-rsa
!           method.
!       <li>ssh(1): Detect and report excessively long configuration file
!           lines.
!       <li>Merge a number of fixes found by Coverity and reported via Redhat
!           and FreeBSD. Includes fixes for some memory and file descriptor
!           leaks in error paths.
!       <li>ssh-keyscan(1): Correctly hash hosts with a port number.
!       <li>ssh(1), sshd(8): When logging long messages to stderr, don't truncate
!           "\r\n" if the length of the message exceeds the buffer.
!       <li>ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
!           line; avoid confusion over IPv6 addresses and shells that treat
!           square bracket characters specially.
!       <li>ssh-keygen(1): Fix corruption of known_hosts when running
!           "ssh-keygen -H" on a known_hosts containing already-hashed entries.
!       <li>Fix various fallout and sharp edges caused by removing SSH protocol
!           1 support from the server, including the server banner string being
!           incorrectly terminated with only \n (instead of \r\n), confusing
!           error messages from ssh-keyscan a segfault in sshd
!           if protocol v.1 was enabled for the client and sshd_config
!           contained references to legacy keys.
!       <li>ssh(1), sshd(8): Free fd_set on connection timeout.
!       <li>sshd(8): Fix Unix domain socket forwarding for root (regression in
!           OpenSSH 7.4).
!       <li>sftp(1): Fix division by zero crash in "df" output when server
!           returns zero total filesystem blocks/inodes.
!       <li>ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
!           encountered during key loading to more meaningful error codes.
!       <li>ssh-keygen(1): Sanitise escape sequences in key comments sent to
!           printf but preserve valid UTF-8 when the locale supports it.
!       <li>ssh(1), sshd(8): Return reason for port forwarding failures where
!           feasible rather than always "administratively prohibited".
!       <li>sshd(8): Fix deadlock when AuthorizedKeysCommand or
!           AuthorizedPrincipalsCommand produces a lot of output and a key is
!           matched early.
!       <li>ssh(1): Fix typo in ~C error message for bad port forward
!           cancellation.
!       <li>ssh(1): Show a useful error message when included config files
!           can't be opened.
!       <li>sshd(8): Make sshd set GSSAPIStrictAcceptorCheck=yes as the manual page
!           (previously incorrectly) advertised.
!       <li>sshd_config(5): Repair accidentally-deleted mention of %k token
!           in AuthorizedKeysCommand.
!       <li>sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM;
!       <li>ssh-agent(1): Relax PKCS#11 whitelist to include libexec and
!           common 32-bit compatibility library directories.
!       <li>sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
!           response handling.
!       <li>ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted
!           keys. It was not possible to delete them except by specifying
!           their full physical path.
!       </ul>
      </ul>
  <p>