OpenSSH Version 8.0 Released
Written by Nikos Vaggalis   
Tuesday, 07 May 2019

The OpenSSH suite, a complete SSH protocol 2.0 implementation which includes a sftp client and server, reaches version 8.0.

 

The release mainly fixes a vulnerability (CVE-2019-6111) in the scp protocol that:

when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content.

This release adds client-side checking that the filenames sent from the server match the command-line request

It had been advised before not to use the scp protocol since it is old and buggy and instead use sftp.Nevertheless this release provides a fix for those hardcore scp users, who for instance have complained that using scp in scripts is much easier than using sftp.

Amongst the enhancements, the most important are the support for ECDSA keys in PKCS#11 tokens and that the RSA keys' generated size now defaults to 3072 bits.

Of course, there are also several bug fixes such as:

  • Avoid sending SIGPIPE to child processes if they attempt
    to write to stderr after their parent processes have exited

  • Sanitize scp filenames to allow UTF-8 characters without
    terminal control sequences

The new release also fixes a number of memory leaks.

Full details and the announcement here.

opensshsq

More Information

[openssh-unix-announce] Announce: OpenSSH 8.0 released

OpenSSH 

Related Articles

EU Bug Bounty - Software Security as a Civil Right 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

 

Banner


pg_parquet - Postgres To Parquet Interoperability
28/11/2024

pg_parquet is a new extension by Crunchy Data that allows a PostgreSQL instance to work with Parquet files. With pg_duckdb, pg_analytics and pg_mooncake all of which can access Parquet files, is  [ ... ]



Can You Solve The GCHQ Christmas Challenge 2024
20/12/2024

The GCHQ Christmas Challenge has become a pre-Christmas tradition. While it is primarily targeted at school students working in teams, GCHQ encourages both children and adults to give it a try.


More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 07 May 2019 )