8507311 2002-05-27 20:19 +0200 /83 rader/ Jonas Eriksson <je@sekure.net>
Sänt av: joel@lysator.liu.se
Importerad: 2002-05-27 23:18 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <22416>
Mottagare: SSH (Secure Shell -) erfarenhetsutbyte <863>
Sänt: 2002-05-27 23:25
Sänt av Fredrik Aminoff (Island)
Ärende: OpenSSH 3.2.3 released (fwd)
------------------------------------------------------------
From: Jonas Eriksson <je@sekure.net>
To: bugtraq@securityfocus.com
Message-ID: <Pine.BSO.4.44.0205272018570.12553-100000@birdie.sekure.net>
---------- Forwarded message ----------
Date: Thu, 23 May 2002 10:08:08 +0200
From: Markus Friedl <Markus_Friedl@genua.de>
To: announce@openbsd.org
Subject: OpenSSH 3.2.3 released
OpenSSH 3.2.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support and encouragement.
Changes since OpenSSH 3.2.2:
============================
This release fixes several problems in OpenSSH 3.2.2:
- a defect in the BSD_AUTH access control handling for
OpenBSD and BSD/OS systems:
Under certain conditions, on systems using YP with netgroups
in the password database, it is possible that sshd does ACL
checks for the requested user name but uses the password
database entry of a different user for authentication. This
means that denied users might authenticate successfully while
permitted users could be locked out (OpenBSD PR 2659).
- login/tty problems on Solaris (bug #245)
- build problems on Cygwin systems
Changes between OpenSSH 3.1 and OpenSSH 3.2.2:
==============================================
Security Changes:
=================
- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
see UsePrivilegeSeparation in sshd(8) and
http://www.citi.umich.edu/u/provos/ssh/privsep.html
for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768)
or larger
Other Changes:
==============
- improved smartcard support (including support for OpenSC,
see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in
protocol v2
- support configuration of TCP forwarding during interactive
sessions (~C)
- improved support for older sftp servers
- improved support for importing old DSA keys (from ssh.com
software).
- client side suport for PASSWD_CHANGEREQ in protocol v2
- fixed waitpid race conditions
- record correct lastlogin time
Reporting Bugs:
===============
- please read http://www.openssh.com/report.html
and http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.
(8507311) /Jonas Eriksson <je@sekure.net>/(Ombruten)
Kommentar i text 8507627 av Mathias Hansson (filigreed floatsam of fanciness)