OpenSSH 4.7/4.7p1 released

Thursday 6 September 2007

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Security bugs resolved in this release:

- Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec.

Other changes, new functionality and fixes in this release:

- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged.

- The SSH channel window size has been increased, and both ssh(1) and sshd(8) now send window updates more aggressively. This improves performance on high-BDP (Bandwidth Delay Product) networks.

- ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5.

- A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5.

- A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes.

- Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set.

- ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. (bz #1261)

- Portable OpenSSH bugs

Check here for the full changes.
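Because existing installations are unchanged by the new Protocol 2 default, an upgraded host can keep whatever its old sshd_config allowed. The script below is an added example (not part of the release notes or of OpenSSH) that reports the Protocol setting of a config file; the function names and the sample config are constructed, and it assumes that a config with no active Protocol line falls back to a built-in default that may still accept protocol 1.

```shell
#!/bin/sh
# Added example: audit the Protocol directive of an sshd_config after an upgrade.
# Assumption: with no active Protocol line, sshd falls back to a built-in
# default that may still accept protocol 1 on installations of this era.

# protocol_setting FILE: print the value of the first active Protocol line,
# or "unset". sshd uses the first value it obtains for a keyword, and
# keywords are case-insensitive.
protocol_setting() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # drop leading whitespace
            n = split(line, f, /[ \t=]+/)   # also split on "=" so Protocol=2 is not missed
            if (n >= 2 && tolower(f[1]) == "protocol") {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_protocol FILE: classify the setting for a reviewer.
audit_protocol() {
    setting=$(protocol_setting "$1")
    case "$setting" in
        unset) echo "WARN: no Protocol line, built-in default applies" ;;
        2)     echo "OK: protocol 2 only" ;;
        *1*)   echo "FAIL: protocol 1 enabled ($setting)" ;;
        *)     echo "UNKNOWN: $setting" ;;
    esac
}

# Constructed sample: a config carried over from an older installation,
# where the Protocol line is only present as a comment.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#Protocol 2,1' 'PermitRootLogin no' > "$sample"
audit_protocol "$sample"
rm -f "$sample"
```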

