linux, säkerhet

6258617 2001-03-22 16:49 +0100  /66 rader/ Jonas Eriksson <je@SEKURE.NET>
Sänt av: joel@lysator.liu.se
Importerad: 2001-03-22  20:05  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: je@SEKURE.NET
Mottagare: Bugtraq (import) <16053>
Ärende: OpenSSH-2.5.2 (fwd)
------------------------------------------------------------
From: Jonas Eriksson <je@SEKURE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <Pine.BSO.4.21.0103221648310.31795-100000@birdie.sekure.net>

---------- Forwarded message ----------
Date: Thu, 22 Mar 2001 11:49:03 +0100
From: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>
To: announce@openbsd.org
Subject: OpenSSH-2.5.2

OpenSSH 2.5.2 is now available from the mirror sites
listed at http://www.openssh.com/

Security related changes:
	Improved countermeasure against "Passive Analysis of SSH
	(Secure Shell) Traffic"
	http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt

	The countermeasures introduced in earlier OpenSSH-2.5.x
	versions caused interoperability problems with some other
	implementations.

	Improved countermeasure against "SSH protocol 1.5 session key
	recovery vulnerability"
	http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm

New options:
	permitopen authorized_keys option to restrict portforwarding.

	PreferredAuthentications allows client to specify the order
	in which authentication methods are tried.

Sftp:
	sftp client supports globbing (get *, put *).

	Support for sftp protocol v3
(draft-ietf-secsh-filexfer-01.txt).

	Batch file (-b) support for automated transfers

Performance:
	Speedup DH exchange. OpenSSH should now be significantly faster when
	connecting use SSH protocol 2.

	Preferred SSH protocol 2 cipher is AES with hmac-md5. AES
	offers much faster throughput in a well scrutinised cipher.

Bugfixes:
	stderr handling fixes in SSH protocol 2.

	Improved interoperability.

Client:
	The client no longer asks for the the passphrase if the key
	will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)

Miscellaneous:
	scp should now work for files > 2GB

	ssh-keygen can now generate fingerprints in the "bubble
	babble" format for exchanging fingerprints with SSH.COM's SSH
	protocol 2 implementation.

Preliminary patches for OpenBSD-2.6 are available on request.

-m
(6258617) /Jonas Eriksson <je@SEKURE.NET>/(Ombruten)