[19772] in bugtraq
OpenSSH-2.5.2 (fwd)
daemon@ATHENA.MIT.EDU (Jonas Eriksson)
Thu Mar 22 14:15:12 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.BSO.4.21.0103221648310.31795-100000@birdie.sekure.net>
Date: Thu, 22 Mar 2001 16:49:00 +0100
Reply-To: Jonas Eriksson <je@SEKURE.NET>
From: Jonas Eriksson <je@SEKURE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
---------- Forwarded message ----------
Date: Thu, 22 Mar 2001 11:49:03 +0100
From: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>
To: announce@openbsd.org
Subject: OpenSSH-2.5.2
OpenSSH 2.5.2 is now available from the mirror sites
listed at http://www.openssh.com/
Security related changes:
Improved countermeasure against "Passive Analysis of SSH
(Secure Shell) Traffic"
http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
The countermeasures introduced in earlier OpenSSH-2.5.x versions
caused interoperability problems with some other implementations.
Improved countermeasure against "SSH protocol 1.5 session
key recovery vulnerability"
http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm
New options:
permitopen authorized_keys option to restrict portforwarding.
PreferredAuthentications allows client to specify the order in which
authentication methods are tried.
Sftp:
sftp client supports globbing (get *, put *).
Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).
Batch file (-b) support for automated transfers
Performance:
Speedup DH exchange. OpenSSH should now be significantly faster when
connecting use SSH protocol 2.
Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
much faster throughput in a well scrutinised cipher.
Bugfixes:
stderr handling fixes in SSH protocol 2.
Improved interoperability.
Client:
The client no longer asks for the the passphrase if the key
will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)
Miscellaneous:
scp should now work for files > 2GB
ssh-keygen can now generate fingerprints in the "bubble babble"
format for exchanging fingerprints with SSH.COM's SSH protocol 2
implementation.
Preliminary patches for OpenBSD-2.6 are available on request.
-m
