[The major change in OpenSSH 3.2.2, security-wise, is the Kerberos/AFS fix. I'm not upgrading in a hurry since none of my clients use Kerberos and Kerberos/AFS are diabled in 3.1p1 by default -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-ID: <[EMAIL PROTECTED]> From: Jonas Eriksson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: OpenSSH 3.2.2 released (fwd) Date: Fri, 17 May 2002 08:42:42 +0200 (CEST) New OpenSSH with security changes. -- Favourite pickup line: Hey baby, wanna synchronize sequence numbers? Warning: not always effective ---------- Forwarded message ---------- Date: Fri, 17 May 2002 00:35:34 +0200 From: Markus Friedl <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: OpenSSH 3.2.2 released OpenSSH 3.2.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Security Changes: ================= - fixed buffer overflow in Kerberos/AFS token passing - fixed overflow in Kerberos client code - sshd no longer auto-enables Kerberos/AFS - experimental support for privilege separation, see UsePrivilegeSeparation in sshd(8) and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more information. - only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger Other Changes: ============== - improved smartcard support (including support for OpenSC, see www.opensc.org) - improved Kerberos support (including support for MIT-Kerberos V) - fixed stderr handling in protocol v2 - client reports failure if -R style TCP forwarding fails in protocol v2 - support configuration of TCP forwarding during interactive sessions (~C) - improved support for older sftp servers - improved support for importing old DSA keys (from ssh.com software). - client side suport for PASSWD_CHANGEREQ in protocol v2 - fixed waitpid race conditions - record correct lastlogin time Reporting Bugs: =============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom. ------------------------------ End of this Digest ****************** -- Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/ It is the mind that moves ================================================ To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org =================================================
