OpenSSH 3.2.3 released

Tuesday, 28 May 2002, 5:58 PM EST

OpenSSH 3.2.3 has been released. It is available to download through the OpenSSH Homepage and available mirrors.

Changes since OpenSSH 3.2.2:

This release fixes several problems in OpenSSH 3.2.2:

- a defect in the BSD_AUTH access control handling for OpenBSD and BSD/OS systems:

Under certain conditions, on systems using YP with netgroups in the password database, it is possible that sshd does ACL checks for the requested user name but uses the password database entry of a different user for authentication. This means that denied users might authenticate successfully while permitted users could be locked out (OpenBSD PR 2659).

- login/tty problems on Solaris (bug #245)
- build problems on Cygwin systems



Changes between OpenSSH 3.1 and OpenSSH 3.2.2:

Security Changes:

- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
see UsePrivilegeSeparation in sshd(8) and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger



Other Changes:

- improved smartcard support (including support for OpenSC, see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in protocol v2
- support configuration of TCP forwarding during interactive sessions (~C)
- improved support for older sftp servers
- improved support for importing old DSA keys (from ssh.com software).
- client side suport for PASSWD_CHANGEREQ in protocol v2
- fixed waitpid race conditions
- record correct lastlogin time

[ Read more ]

Related items




Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //