===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/69.html,v
retrieving revision 1.32
retrieving revision 1.33
diff -c -r1.32 -r1.33
*** www/69.html 2021/04/13 17:02:15 1.32
--- www/69.html 2021/04/13 20:09:32 1.33
***************
*** 1171,1235 ****
OpenSSH 8.5
-
!
- Potentially incompatible changes.
- New Features
- Bugfixes
--- 1171,1368 ----
OpenSSH 8.5
+ - Security fixes
+
+ - ssh-agent(1):
+ fixed a double-free memory corruption that was introduced in OpenSSH
+ 8.2 . We treat all such memory faults as potentially exploitable. This
+ bug could be reached by an attacker with access to the agent socket.
! On modern operating systems where the OS can provide information
! about the user identity connected to a socket, OpenSSH ssh-agent and
! sshd limit agent socket access only to the originating user and root.
! Additional mitigation may be afforded by the system's
! malloc(3)/free(3) implementation, if it detects double-free
! conditions.
+ The most likely scenario for exploitation is a user forwarding an
+ agent either to an account shared with a malicious user or to a host
+ with an attacker holding root access.
+
- Potentially incompatible changes.
! - ssh(1), sshd(8): this release
! changes the first-preference signature algorithm from ECDSA to
! ED25519.
!
!
- ssh(1), sshd(8): set the TOS/DSCP
! specified in the configuration for interactive use prior to TCP
! connect. The connection phase of the SSH session is time-sensitive and
! often explicitly interactive. The ultimate interactive/bulk TOS/DSCP
! will be set after authentication completes.
!
!
- ssh(1), sshd(8): remove the
! pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias
! for aes256-cbc before it was standardized in RFC4253 (2006), has been
! deprecated and disabled by default since OpenSSH 7.2 (2016) and was
! only briefly documented in ssh.1 in 2001.
!
!
- ssh(1), sshd(8): update/replace the
! experimental post-quantum hybrid key exchange method based on
! Streamlined NTRU Prime coupled with X25519.
!
! The previous sntrup4591761x25519-sha512@tinyssh.org method is
! replaced with sntrup761x25519-sha512@openssh.com. Per its designers,
! the sntrup4591761 algorithm was superseded almost two years ago by
! sntrup761.
! (note this both the updated method and the one that it replaced are
! disabled by default)
!
! - ssh(1): disable
! CheckHostIP by default. It provides insignificant benefits while
! making key rotation significantly more difficult, especially for hosts
! behind IP-based load-balancers.
- New Features
! - ssh(1): this release
! enables UpdateHostkeys by default subject to some conservative
! preconditions:
!
! - The key was matched in the UserKnownHostsFile (and not in the
! GlobalKnownHostsFile).
!
- The same key does not exist under another name.
!
- A certificate host key is not in use.
!
- known_hosts contains no matching wildcard hostname pattern.
!
- VerifyHostKeyDNS is not enabled.
!
- The default UserKnownHostsFile is in use.
!
! We expect some of these conditions will be modified or relaxed in
! future.
!
! - ssh(1), sshd(8): add a new
! LogVerbose configuration directive for that allows forcing maximum
! debug logging by file/function/line pattern-lists.
!
!
- ssh(1): when
! prompting the user to accept a new hostkey, display any other host
! names/addresses already associated with the key.
!
!
- ssh(1): allow
! UserKnownHostsFile=none to indicate that no known_hosts file should be
! used to identify host keys.
!
!
- ssh(1): add a
! ssh_config KnownHostsCommand option that allows the client to obtain
! known_hosts data from a command in addition to the usual files.
!
!
- ssh(1): add a
! ssh_config PermitRemoteOpen option that allows the client to restrict
! the destination when RemoteForward is used with SOCKS.
!
!
- ssh(1): for FIDO
! keys, if a signature operation fails with a "incorrect PIN" reason and
! no PIN was initially requested from the user, then request a PIN and
! retry the operation. This supports some biometric devices that fall
! back to requiring PIN when reading of the biometric failed, and
! devices that require PINs for all hosted credentials.
!
!
- sshd(8): implement
! client address-based rate-limiting via new sshd_config(5)
! PerSourceMaxStartups and PerSourceNetBlockSize directives that provide
! more fine-grained control on a per-origin address basis than the
! global MaxStartups limit.
- Bugfixes
! - ssh(1): Prefix
! keyboard interactive prompts with "(user@host)" to make it easier to
! determine which connection they are associated with in cases like scp
! -3, ProxyJump, etc. bz#3224
!
!
- sshd(8): fix
! sshd_config SetEnv directives located inside Match blocks. GHPR#201
!
!
- ssh(1): when
! requesting a FIDO token touch on stderr, inform the user once the
! touch has been recorded.
!
!
- ssh(1): prevent
! integer overflow when ridiculously large ConnectTimeout values are
! specified, capping the effective value (for most platforms) at 24
! days. bz#3229
!
!
- ssh(1): consider the
! ECDSA key subtype when ordering host key algorithms in the client.
!
!
- ssh(1), sshd(8): rename the
! PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. The
! previous name incorrectly suggested that it control allowed key
! algorithms, when this option actually specifies the signature
! algorithms that are accepted. The previous name remains available as
! an alias. bz#3253
!
!
- ssh(1), sshd(8): similarly, rename
! HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
! HostbasedAcceptedAlgorithms.
!
!
- sftp-server(8): add
! missing lsetstat@openssh.com documentation and advertisement in the
! server's SSH2_FXP_VERSION hello packet.
!
!
- ssh(1), sshd(8): more strictly
! enforce KEX state-machine by banning packet types once they are
! received. Fixes memleak caused by duplicate
! SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
!
!
- sftp(1): allow the
! full range of UIDs/GIDs for chown/chgrp on 32bit platforms instead of
! being limited by LONG_MAX. bz#3206
!
!
- Minor man page fixes (capitalization, commas, etc.) bz#3223
!
!
- sftp(1): when doing
! an sftp recursive upload or download of a read-only directory, ensure
! that the directory is created with write and execute permissions in
! the interim so that the transfer can actually complete, then set the
! directory permission as the final step. bz#3222
!
!
- ssh-keygen(1):
! document the -Z, check the validity of its argument earlier and
! provide a better error message if it's not correct. bz#2879
!
!
- ssh(1): ignore
! comments at the end of config lines in ssh_config, similar to what we
! already do for sshd_config. bz#2320
!
!
- sshd_config(5):
! mention that DisableForwarding is valid in a sshd_config Match block.
! bz3239
!
!
- sftp(1): fix
! incorrect sorting of "ls -ltr" under some circumstances. bz3248.
!
!
- ssh(1), sshd(8): fix potential
! integer truncation of (unlikely) timeout values. bz#3250
!
!
- ssh(1): make
! hostbased authentication send the signature algorithm in its
! SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make
! HostbasedAcceptedAlgorithms do what it is supposed to - filter on
! signature algorithm and not key type.