2011年5月 7日

[installer 2787] OpenSSH 5.8p2

OpenSSH 5.8p2 出ています。

セキュリティホールの修正版です。
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
参照のこと。

☆ openssh-5.8p2
http://www.openssh.com/

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
ftp://ftp.jp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz

Changes since OpenSSH 5.8p1
===========================

Security:

* Fix local private host key compromise on platforms without host-
level randomness support (e.g. /dev/random) reported by Tomas Mraz

On hosts that did not have a randomness source configured in
OpenSSL and were not configured to use EGD/PRNGd (using the
--with-prngd-socket configure option), the ssh-rand-helper command
was being implicitly executed by ssh-keysign with open file
descriptors to the host private keys. An attacker could use
ptrace(2) to attach to ssh-rand-helper and exfiltrate the keys.

Most modern operating systems are not vulnerable. In particular,
*BSD, Linux, OS X and Cygwin do not use ssh-rand-helper.

A full advisory for this issue is available at:
http://www.openssh.com/txt/portable-keysign-rand-helper.adv

Portable OpenSSH Bugfixes:

* Fix compilation failure when enabling SELinux support.

* Revised Cygwin ssh-{host,user}-config that include ECDSA key
support.

* Revised Cygwin ssh-host-config to be more thorough in error checking
and reporting.

Checksums:
==========

- SHA1 (openssh-5.8p2.tar.gz) = e610270e0c5484fb291cd81bbcbefbeb5e391a62

----
こがよういちろう


投稿者 xml-rpc : 2011年5月 7日 10:42
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/103639
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。