6258617 2001-03-22 16:49 +0100 /66 rader/ Jonas Eriksson <je@SEKURE.NET> Sänt av: joel@lysator.liu.se Importerad: 2001-03-22 20:05 av Brevbäraren (som är implementerad i) Python Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: je@SEKURE.NET Mottagare: Bugtraq (import) <16053> Ärende: OpenSSH-2.5.2 (fwd) ------------------------------------------------------------ From: Jonas Eriksson <je@SEKURE.NET> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <Pine.BSO.4.21.0103221648310.31795-100000@birdie.sekure.net> ---------- Forwarded message ---------- Date: Thu, 22 Mar 2001 11:49:03 +0100 From: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de> To: announce@openbsd.org Subject: OpenSSH-2.5.2 OpenSSH 2.5.2 is now available from the mirror sites listed at http://www.openssh.com/ Security related changes: Improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic" http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt The countermeasures introduced in earlier OpenSSH-2.5.x versions caused interoperability problems with some other implementations. Improved countermeasure against "SSH protocol 1.5 session key recovery vulnerability" http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm New options: permitopen authorized_keys option to restrict portforwarding. PreferredAuthentications allows client to specify the order in which authentication methods are tried. Sftp: sftp client supports globbing (get *, put *). Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt). Batch file (-b) support for automated transfers Performance: Speedup DH exchange. OpenSSH should now be significantly faster when connecting use SSH protocol 2. Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers much faster throughput in a well scrutinised cipher. Bugfixes: stderr handling fixes in SSH protocol 2. Improved interoperability. Client: The client no longer asks for the the passphrase if the key will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK) Miscellaneous: scp should now work for files > 2GB ssh-keygen can now generate fingerprints in the "bubble babble" format for exchanging fingerprints with SSH.COM's SSH protocol 2 implementation. Preliminary patches for OpenBSD-2.6 are available on request. -m (6258617) /Jonas Eriksson <je@SEKURE.NET>/(Ombruten)