From mboxrd@z Thu Jan 1 00:00:00 1970
From: Adolf Belka
To: development@lists.ipfire.org
Subject: Re: Fwd: [openssh-unix-announce] Announce: OpenSSH 8.6 released
Date: Mon, 19 Apr 2021 12:14:11 +0200
Message-ID: <25fa6739-4732-d61e-3828-f57362c98c96@ipfire.org>
In-Reply-To: <1727CFFE-1ADE-4B66-AD08-A4F70A1763DB@ipfire.org>

Hi Michael,

On 19/04/2021 11:52, Michael Tremer wrote:
> Morning,
>
> Does anyone want to grab this one?
>
No problem, I'll pick that up.

Adolf
>> Begin forwarded message:
>>
>> *From: *Damien Miller
>> *Subject: **[openssh-unix-announce] Announce: OpenSSH 8.6 released*
>> *Date: *19 April 2021 at 01:53:14 BST
>> *To: *openssh-unix-announce(a)mindrot.org
>>
>> OpenSSH 8.6 has just been released. It will be available from the
>> mirrors listed at https://www.openssh.com/ shortly.
>>
>> OpenSSH is a 100% complete SSH protocol 2.0 implementation and
>> includes sftp client and server support.
>>
>> Once again, we would like to thank the OpenSSH community for their
>> continued support of the project, especially those who contributed
>> code or patches, reported bugs, tested snapshots or donated to the
>> project. More information on donations may be found at:
>> https://www.openssh.com/donations.html
>>
>> Future deprecation notice
>> =========================
>>
>> It is now possible[1] to perform chosen-prefix attacks against the
>> SHA-1 algorithm for less than USD$50K.
>>
>> In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
>> hash algorithm in conjunction with the RSA public key algorithm.
>> OpenSSH will disable this signature scheme by default in the near
>> future.
>>
>> Note that the deactivation of "ssh-rsa" signatures does not necessarily
>> require cessation of use for RSA keys. In the SSH protocol, keys may be
>> capable of signing using multiple algorithms. In particular, "ssh-rsa"
>> keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
>> "rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
>> these is being turned off by default.
>>
>> This algorithm is unfortunately still used widely despite the
>> existence of better alternatives, being the only remaining public key
>> signature algorithm specified by the original SSH RFCs that is still
>> enabled by default.
>>
>> The better alternatives include:
>>
>> * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
>>   algorithms have the advantage of using the same key type as
>>   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
>>   supported since OpenSSH 7.2 and are already used by default if the
>>   client and server support them.
>>
>> * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
>>   in OpenSSH since release 6.5.
>>
>> * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
>>   have been supported by OpenSSH since release 5.7.
>>
>> To check whether a server is using the weak ssh-rsa public key
>> algorithm, for host authentication, try to connect to it after
>> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
>>
>>    ssh -oHostKeyAlgorithms=-ssh-rsa user@host
>>
>> If the host key verification fails and no other supported host key
>> types are available, the server software on that host should be
>> upgraded.
>>
>> OpenSSH recently enabled the UpdateHostKeys option by default to assist
>> the client by automatically migrating to better algorithms.
>>
>> [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
>>    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
>>    (2020) https://eprint.iacr.org/2020/014.pdf
>>
>> Security
>> ========
>>
>> * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
>>   option was enabled with a set of patterns that activated logging
>>   in code that runs in the low-privilege sandboxed sshd process, the
>>   log messages were constructed in such a way that printf(3) format
>>   strings could effectively be specified by the low-privilege code.
>>
>>   An attacker who had successfully exploited the low-privilege
>>   process could use this to escape OpenSSH's sandboxing and attack
>>   the high-privilege process. Exploitation of this weakness is
>>   highly unlikely in practice as the LogVerbose option is not
>>   enabled by default and is typically only used for debugging. No
>>   vulnerabilities in the low-privilege process are currently known
>>   to exist.
>>
>>   Thanks to Ilja Van Sprundel for reporting this bug.
>>
>> Changes since OpenSSH 8.5
>> =========================
>>
>> This release contains mostly bug fixes.
>>
>> New features
>> ------------
>>
>> * sftp-server(8): add a new limits@openssh.com protocol extension
>>   that allows a client to discover various server limits, including
>>   maximum packet size and maximum read/write length.
>>
>> * sftp(1): use the new limits@openssh.com extension (when available)
>>   to select better transfer lengths in the client.
>>
>> * sshd(8): Add ModuliFile keyword to sshd_config to specify the
>>   location of the "moduli" file containing the groups for DH-GEX.
>>
>> * unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to
>>   enable printing of the elapsed time in seconds of each test.
>>
>> Bugfixes
>> --------
>>
>> * ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
>>   manual pages with the current default. GHPR#174
>>
>> * ssh(1): ensure that pkcs11_del_provider() is called before exit.
>>   GHPR#234
>>
>> * ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
>>   backslashes were not being dequoted correctly and quoted space in
>>   the middle of a string was being incorrectly split. GHPR#223
>>
>> * ssh(1): return non-zero exit status when killed by signal; bz#3281
>>
>> * sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
>>   packet size. Also handle zero-length reads that are not explicitly
>>   banned by the spec.
>>
>> Portability
>> -----------
>>
>> * sshd(8): don't mistakenly exit on transient read errors on the
>>   network socket (e.g. EINTR, EAGAIN); bz3297
>>
>> * Create a dedicated contrib/gnome-ssk-askpass3.c source instead of
>>   building it from the same file as used for GNOME2. Use the GNOME3
>>   gdk_seat_grab() to manage keyboard/mouse/server grabs for better
>>   compatibility with Wayland.
>>
>> * Fix portability build errors bz3293 bz3292 bz3291 bz3278
>>
>> * sshd(8): soft-disallow the fstatat64 syscall in the Linux
>>   seccomp-bpf sandbox. bz3276
>>
>> * unit tests: enable autoopt and misc unit tests that were
>>   previously skipped
>>
>> Checksums:
>> ==========
>>
>> - SHA1 (openssh-8.6.tar.gz) = a3e93347eed6296faaaceb221e8786391530fccb
>> - SHA256 (openssh-8.6.tar.gz) = ihmgdEgKfCBRpC0qzdQRwYownrpBf+rsihvk4Rmim8M=
>>
>> - SHA1 (openssh-8.6p1.tar.gz) = 8f9f0c94317baeb97747d6258f3997b4542762c0
>> - SHA256 (openssh-8.6p1.tar.gz) = w+bk2hYhdiyFDQO0fu0eSN/0zJYI3etUcgKiNN+O164=
>>
>> Please note that the SHA256 signatures are base64 encoded and not
>> hexadecimal (which is the default for most checksum tools). The PGP
>> key used to sign the releases is available from the mirror sites:
>> https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
>>
>> Please note that the OpenPGP key used to sign releases has been
>> rotated for this release. The new key has been signed by the previous
>> key to provide continuity.
>>
>> Reporting Bugs:
>> ===============
>>
>> - Please read https://www.openssh.com/report.html
>>  Security bugs should be reported directly to openssh(a)openssh.com
>> _______________________________________________
>> openssh-unix-announce mailing list
>> openssh-unix-announce(a)mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-announce
>
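
Added example, not part of the original message or of the OpenSSH announcement: the announcement publishes its SHA256 values in base64, so they cannot be compared directly with the hex that `sha256sum` prints. The sketch below decodes the published value to hex and compares it with the file's digest using only `base64`, `od` and `sha256sum`; the function names `b64_to_hex` and `verify_b64_sha256` are this example's own.

```shell
#!/bin/sh
# Added example: check a file against a base64-encoded SHA-256 digest,
# the encoding used on the announcement's "SHA256 (...) = ..." lines.

# b64_to_hex BASE64
# Prints the decoded bytes as lowercase hex (empty output if undecodable).
b64_to_hex() {
    printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# verify_b64_sha256 FILE BASE64_DIGEST
# Returns 0 on match, 1 on mismatch, 2 if the digest is not a base64
# SHA-256 value or the file cannot be read.
verify_b64_sha256() {
    file=$1
    want=$(b64_to_hex "$2")
    # SHA-256 is 32 bytes = 64 hex characters. A hex digest pasted here by
    # mistake is also valid base64, but decodes to 48 bytes and is rejected.
    [ "${#want}" -eq 64 ] || return 2
    [ -r "$file" ] || return 2
    got=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# Constructed sample: an empty file, whose SHA-256 in base64 is the
# well-known value below. For a real download the call would be
#   verify_b64_sha256 openssh-8.6p1.tar.gz '<SHA256 value from the announcement>'
sample=$(mktemp)
if verify_b64_sha256 "$sample" '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; then
    echo "digest matches"
else
    echo "digest does NOT match"
fi
rm -f "$sample"
```

A matching digest only shows the download equals what the announcement lists; the release signature made with the key from RELEASE_KEY.asc is the check that ties the tarball to the OpenSSH developers.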