=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/69.html,v retrieving revision 1.32 retrieving revision 1.33 diff -c -r1.32 -r1.33 *** www/69.html 2021/04/13 17:02:15 1.32 --- www/69.html 2021/04/13 20:09:32 1.33 *************** *** 1171,1235 ****

OpenSSH 8.5 -

Potentially incompatible changes.
- ...
New Features
- ...
Bugfixes
- ...

--- 1171,1368 ----

OpenSSH 8.5

Security fixes +
- ssh-agent(1): + fixed a double-free memory corruption that was introduced in OpenSSH + 8.2 . We treat all such memory faults as potentially exploitable. This + bug could be reached by an attacker with access to the agent socket.
  ! On modern operating systems where the OS can provide information ! about the user identity connected to a socket, OpenSSH ssh-agent and ! sshd limit agent socket access only to the originating user and root. ! Additional mitigation may be afforded by the system's ! malloc(3)/free(3) implementation, if it detects double-free ! conditions.
  + The most likely scenario for exploitation is a user forwarding an + agent either to an account shared with a malicious user or to a host + with an attacker holding root access. +
Potentially incompatible changes.
- ssh(1), sshd(8): this release ! changes the first-preference signature algorithm from ECDSA to ! ED25519. ! !
- ssh(1), sshd(8): set the TOS/DSCP ! specified in the configuration for interactive use prior to TCP ! connect. The connection phase of the SSH session is time-sensitive and ! often explicitly interactive. The ultimate interactive/bulk TOS/DSCP ! will be set after authentication completes. ! !
- ssh(1), sshd(8): remove the ! pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias ! for aes256-cbc before it was standardized in RFC4253 (2006), has been ! deprecated and disabled by default since OpenSSH 7.2 (2016) and was ! only briefly documented in ssh.1 in 2001. ! !
- ssh(1), sshd(8): update/replace the ! experimental post-quantum hybrid key exchange method based on ! Streamlined NTRU Prime coupled with X25519.
  ! ! The previous sntrup4591761x25519-sha512@tinyssh.org method is ! replaced with sntrup761x25519-sha512@openssh.com. Per its designers, ! the sntrup4591761 algorithm was superseded almost two years ago by ! sntrup761. ! (note this both the updated method and the one that it replaced are ! disabled by default) ! !
- ssh(1): disable ! CheckHostIP by default. It provides insignificant benefits while ! making key rotation significantly more difficult, especially for hosts ! behind IP-based load-balancers.
New Features
- ssh(1): this release ! enables UpdateHostkeys by default subject to some conservative ! preconditions: !
  - The key was matched in the UserKnownHostsFile (and not in the ! GlobalKnownHostsFile). !
  - The same key does not exist under another name. !
  - A certificate host key is not in use. !
  - known_hosts contains no matching wildcard hostname pattern. !
  - VerifyHostKeyDNS is not enabled. !
  - The default UserKnownHostsFile is in use. !
  ! We expect some of these conditions will be modified or relaxed in ! future. ! !
- ssh(1), sshd(8): add a new ! LogVerbose configuration directive for that allows forcing maximum ! debug logging by file/function/line pattern-lists. ! !
- ssh(1): when ! prompting the user to accept a new hostkey, display any other host ! names/addresses already associated with the key. ! !
- ssh(1): allow ! UserKnownHostsFile=none to indicate that no known_hosts file should be ! used to identify host keys. ! !
- ssh(1): add a ! ssh_config KnownHostsCommand option that allows the client to obtain ! known_hosts data from a command in addition to the usual files. ! !
- ssh(1): add a ! ssh_config PermitRemoteOpen option that allows the client to restrict ! the destination when RemoteForward is used with SOCKS. ! !
- ssh(1): for FIDO ! keys, if a signature operation fails with a "incorrect PIN" reason and ! no PIN was initially requested from the user, then request a PIN and ! retry the operation. This supports some biometric devices that fall ! back to requiring PIN when reading of the biometric failed, and ! devices that require PINs for all hosted credentials. ! !
- sshd(8): implement ! client address-based rate-limiting via new sshd_config(5) ! PerSourceMaxStartups and PerSourceNetBlockSize directives that provide ! more fine-grained control on a per-origin address basis than the ! global MaxStartups limit.
Bugfixes
- ssh(1): Prefix ! keyboard interactive prompts with "(user@host)" to make it easier to ! determine which connection they are associated with in cases like scp ! -3, ProxyJump, etc. bz#3224 ! !
- sshd(8): fix ! sshd_config SetEnv directives located inside Match blocks. GHPR#201 ! !
- ssh(1): when ! requesting a FIDO token touch on stderr, inform the user once the ! touch has been recorded. ! !
- ssh(1): prevent ! integer overflow when ridiculously large ConnectTimeout values are ! specified, capping the effective value (for most platforms) at 24 ! days. bz#3229 ! !
- ssh(1): consider the ! ECDSA key subtype when ordering host key algorithms in the client. ! !
- ssh(1), sshd(8): rename the ! PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. The ! previous name incorrectly suggested that it control allowed key ! algorithms, when this option actually specifies the signature ! algorithms that are accepted. The previous name remains available as ! an alias. bz#3253 ! !
- ssh(1), sshd(8): similarly, rename ! HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to ! HostbasedAcceptedAlgorithms. ! !
- sftp-server(8): add ! missing lsetstat@openssh.com documentation and advertisement in the ! server's SSH2_FXP_VERSION hello packet. ! !
- ssh(1), sshd(8): more strictly ! enforce KEX state-machine by banning packet types once they are ! received. Fixes memleak caused by duplicate ! SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078). ! !
- sftp(1): allow the ! full range of UIDs/GIDs for chown/chgrp on 32bit platforms instead of ! being limited by LONG_MAX. bz#3206 ! !
- Minor man page fixes (capitalization, commas, etc.) bz#3223 ! !
- sftp(1): when doing ! an sftp recursive upload or download of a read-only directory, ensure ! that the directory is created with write and execute permissions in ! the interim so that the transfer can actually complete, then set the ! directory permission as the final step. bz#3222 ! !
- ssh-keygen(1): ! document the -Z, check the validity of its argument earlier and ! provide a better error message if it's not correct. bz#2879 ! !
- ssh(1): ignore ! comments at the end of config lines in ssh_config, similar to what we ! already do for sshd_config. bz#2320 ! !
- sshd_config(5): ! mention that DisableForwarding is valid in a sshd_config Match block. ! bz3239 ! !
- sftp(1): fix ! incorrect sorting of "ls -ltr" under some circumstances. bz3248. ! !
- ssh(1), sshd(8): fix potential ! integer truncation of (unlikely) timeout values. bz#3250 ! !
- ssh(1): make ! hostbased authentication send the signature algorithm in its ! SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make ! HostbasedAcceptedAlgorithms do what it is supposed to - filter on ! signature algorithm and not key type.