===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- www/75.html 2024/03/23 14:06:26 1.15
+++ www/75.html 2024/03/23 18:46:47 1.16
@@ -414,19 +414,87 @@
-
OpenSSH 9.x and OpenSSH 9.x
+OpenSSH 9.6 and OpenSSH 9.7
- - Potentially incompatible changes
+
- Security fixes
- - ...
+
- ssh(1), sshd(8): implement protocol extensions to thwart the
+ so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
+ Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
+ limited break of the integrity of the early encrypted SSH transport
+ protocol by sending extra messages prior to the commencement of
+ encryption, and deleting an equal number of consecutive messages
+ immediately after encryption starts. A peer SSH client/server
+ would not be able to detect that messages were deleted.
+
+
While cryptographically novel, the security impact of this attack
+ is fortunately very limited as it only allows deletion of
+ consecutive messages, and deleting most messages at this stage of
+ the protocol prevents user user authentication from proceeding and
+ results in a stuck connection.
+
+
The most serious identified impact is that it lets a MITM to
+ delete the SSH2_MSG_EXT_INFO message sent before authentication
+ starts, allowing the attacker to disable a subset of the keystroke
+ timing obfuscation features introduced in OpenSSH 9.5. There is no
+ other discernable impact to session secrecy or session integrity.
+
+ - ssh-agent(1): when adding PKCS#11-hosted private keys while
+ specifying destination constraints, if the PKCS#11 token returned
+ multiple keys then only the first key had the constraints applied.
+ Use of regular private keys, FIDO tokens and unconstrained keys
+ are unaffected.
+
+
- ssh(1): if an invalid user or hostname that contained shell
+ metacharacters was passed to ssh(1), and a ProxyCommand,
+ LocalCommand directive or "match exec" predicate referenced the
+ user or hostname via %u, %h or similar expansion token, then
+ an attacker who could supply arbitrary user/hostnames to ssh(1)
+ could potentially perform command injection depending on what
+ quoting was present in the user-supplied ssh_config(5) directive.
+
+
OpenSSH 9.6 now
+ bans most shell metacharacters from user and hostnames supplied
+ via the command-line. This countermeasure is not guaranteed to be
+ effective in all situations, as it is infeasible for ssh(1) to
+ universally filter shell metacharacters potentially relevant to
+ user-supplied commands.
+
+
User/hostnames provided via ssh_config(5) are not subject to these
+ restrictions, allowing configurations that use strange names to
+ continue to be used, under the assumption that the user knows what
+ they are doing in their own configuration files.
- New features
- - ...
+
- ssh(1), sshd(8): add a "global" ChannelTimeout type that watches
+ all open channels and will close all open channels if there is no
+ traffic on any of them for the specified interval. This is in
+ addition to the existing per-channel timeouts added recently.
+
This supports situations like having both session and x11
+ forwarding channels open where one may be idle for an extended
+ period but the other is actively used. The global timeout could
+ close both channels when both have been idle for too long.
+
+ - All: make DSA key support compile-time optional, defaulting to on.
- Bugfixes
- - ...
+
- sshd(8): don't append an unnecessary space to the end of subsystem
+ arguments (bz3667)
+
+
- ssh(1): fix the multiplexing "channel proxy" mode, broken when
+ keystroke timing obfuscation was added. (GHPR#463)
+
+
- ssh(1), sshd(8): fix spurious configuration parsing errors when
+ options that accept array arguments are overridden (bz3657).
+
+
- ssh-agent(1): fix potential spin in signal handler (bz3670)
+
+
- Many fixes to manual pages and other documentation, including
+ GHPR#462, GHPR#454, GHPR#442 and GHPR#441.
+
+
- Greatly improve interop testing against PuTTY.