===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/69.html,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- www/69.html 2021/04/13 17:02:15 1.32
+++ www/69.html 2021/04/13 20:09:32 1.33
@@ -1171,65 +1171,198 @@
OpenSSH 8.5
-
+ - Security fixes
+
+ - ssh-agent(1):
+ fixed a double-free memory corruption that was introduced in OpenSSH
+ 8.2 . We treat all such memory faults as potentially exploitable. This
+ bug could be reached by an attacker with access to the agent socket.
-
+ On modern operating systems where the OS can provide information
+ about the user identity connected to a socket, OpenSSH ssh-agent and
+ sshd limit agent socket access only to the originating user and root.
+ Additional mitigation may be afforded by the system's
+ malloc(3)/free(3) implementation, if it detects double-free
+ conditions.
+ The most likely scenario for exploitation is a user forwarding an
+ agent either to an account shared with a malicious user or to a host
+ with an attacker holding root access.
+
- Potentially incompatible changes.
- - ...
+
- ssh(1), sshd(8): this release
+ changes the first-preference signature algorithm from ECDSA to
+ ED25519.
+
+
- ssh(1), sshd(8): set the TOS/DSCP
+ specified in the configuration for interactive use prior to TCP
+ connect. The connection phase of the SSH session is time-sensitive and
+ often explicitly interactive. The ultimate interactive/bulk TOS/DSCP
+ will be set after authentication completes.
+
+
- ssh(1), sshd(8): remove the
+ pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias
+ for aes256-cbc before it was standardized in RFC4253 (2006), has been
+ deprecated and disabled by default since OpenSSH 7.2 (2016) and was
+ only briefly documented in ssh.1 in 2001.
+
+
- ssh(1), sshd(8): update/replace the
+ experimental post-quantum hybrid key exchange method based on
+ Streamlined NTRU Prime coupled with X25519.
+
+ The previous sntrup4591761x25519-sha512@tinyssh.org method is
+ replaced with sntrup761x25519-sha512@openssh.com. Per its designers,
+ the sntrup4591761 algorithm was superseded almost two years ago by
+ sntrup761.
+ (note this both the updated method and the one that it replaced are
+ disabled by default)
+
+ - ssh(1): disable
+ CheckHostIP by default. It provides insignificant benefits while
+ making key rotation significantly more difficult, especially for hosts
+ behind IP-based load-balancers.
- New Features
- - ...
+
- ssh(1): this release
+ enables UpdateHostkeys by default subject to some conservative
+ preconditions:
+
+ - The key was matched in the UserKnownHostsFile (and not in the
+ GlobalKnownHostsFile).
+
- The same key does not exist under another name.
+
- A certificate host key is not in use.
+
- known_hosts contains no matching wildcard hostname pattern.
+
- VerifyHostKeyDNS is not enabled.
+
- The default UserKnownHostsFile is in use.
+
+ We expect some of these conditions will be modified or relaxed in
+ future.
+
+ - ssh(1), sshd(8): add a new
+ LogVerbose configuration directive for that allows forcing maximum
+ debug logging by file/function/line pattern-lists.
+
+
- ssh(1): when
+ prompting the user to accept a new hostkey, display any other host
+ names/addresses already associated with the key.
+
+
- ssh(1): allow
+ UserKnownHostsFile=none to indicate that no known_hosts file should be
+ used to identify host keys.
+
+
- ssh(1): add a
+ ssh_config KnownHostsCommand option that allows the client to obtain
+ known_hosts data from a command in addition to the usual files.
+
+
- ssh(1): add a
+ ssh_config PermitRemoteOpen option that allows the client to restrict
+ the destination when RemoteForward is used with SOCKS.
+
+
- ssh(1): for FIDO
+ keys, if a signature operation fails with a "incorrect PIN" reason and
+ no PIN was initially requested from the user, then request a PIN and
+ retry the operation. This supports some biometric devices that fall
+ back to requiring PIN when reading of the biometric failed, and
+ devices that require PINs for all hosted credentials.
+
+
- sshd(8): implement
+ client address-based rate-limiting via new sshd_config(5)
+ PerSourceMaxStartups and PerSourceNetBlockSize directives that provide
+ more fine-grained control on a per-origin address basis than the
+ global MaxStartups limit.
- Bugfixes
- - ...
+
- ssh(1): Prefix
+ keyboard interactive prompts with "(user@host)" to make it easier to
+ determine which connection they are associated with in cases like scp
+ -3, ProxyJump, etc. bz#3224
+
+
- sshd(8): fix
+ sshd_config SetEnv directives located inside Match blocks. GHPR#201
+
+
- ssh(1): when
+ requesting a FIDO token touch on stderr, inform the user once the
+ touch has been recorded.
+
+
- ssh(1): prevent
+ integer overflow when ridiculously large ConnectTimeout values are
+ specified, capping the effective value (for most platforms) at 24
+ days. bz#3229
+
+
- ssh(1): consider the
+ ECDSA key subtype when ordering host key algorithms in the client.
+
+
- ssh(1), sshd(8): rename the
+ PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. The
+ previous name incorrectly suggested that it control allowed key
+ algorithms, when this option actually specifies the signature
+ algorithms that are accepted. The previous name remains available as
+ an alias. bz#3253
+
+
- ssh(1), sshd(8): similarly, rename
+ HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
+ HostbasedAcceptedAlgorithms.
+
+
- sftp-server(8): add
+ missing lsetstat@openssh.com documentation and advertisement in the
+ server's SSH2_FXP_VERSION hello packet.
+
+
- ssh(1), sshd(8): more strictly
+ enforce KEX state-machine by banning packet types once they are
+ received. Fixes memleak caused by duplicate
+ SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
+
+
- sftp(1): allow the
+ full range of UIDs/GIDs for chown/chgrp on 32bit platforms instead of
+ being limited by LONG_MAX. bz#3206
+
+
- Minor man page fixes (capitalization, commas, etc.) bz#3223
+
+
- sftp(1): when doing
+ an sftp recursive upload or download of a read-only directory, ensure
+ that the directory is created with write and execute permissions in
+ the interim so that the transfer can actually complete, then set the
+ directory permission as the final step. bz#3222
+
+
- ssh-keygen(1):
+ document the -Z, check the validity of its argument earlier and
+ provide a better error message if it's not correct. bz#2879
+
+
- ssh(1): ignore
+ comments at the end of config lines in ssh_config, similar to what we
+ already do for sshd_config. bz#2320
+
+
- sshd_config(5):
+ mention that DisableForwarding is valid in a sshd_config Match block.
+ bz3239
+
+
- sftp(1): fix
+ incorrect sorting of "ls -ltr" under some circumstances. bz3248.
+
+
- ssh(1), sshd(8): fix potential
+ integer truncation of (unlikely) timeout values. bz#3250
+
+
- ssh(1): make
+ hostbased authentication send the signature algorithm in its
+ SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This make
+ HostbasedAcceptedAlgorithms do what it is supposed to - filter on
+ signature algorithm and not key type.