Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.2518 Multiple vulnerabilities identified in OpenSSH prior to version 7.8 24 August 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: OpenSSH Publisher: OpenSSH Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade Original Bulletin: http://www.openssh.com/txt/release-7.8 - --------------------------BEGIN INCLUDED TEXT-------------------- OpenSSH 7.8 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Potentially-incompatible changes ================================ This release includes a number of changes that may affect existing configurations: * ssh-keygen(1): write OpenSSH format private keys by default instead of using OpenSSL's PEM format. The OpenSSH format, supported in OpenSSH releases since 2014 and described in the PROTOCOL.key file in the source distribution, offers substantially better protection against offline password guessing and supports key comments in private keys. If necessary, it is possible to write old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when generating or updating a key. * sshd(8): remove internal support for S/Key multiple factor authentication. S/Key may still be used via PAM or BSD auth. * ssh(1): remove vestigal support for running ssh(1) as setuid. This used to be required for hostbased authentication and the (long gone) rhosts-style authentication, but has not been necessary for a long time. Attempting to execute ssh as a setuid binary, or with uid != effective uid will now yield a fatal error at runtime. * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar HostbasedAcceptedKeyTypes options have changed. These now specify signature algorithms that are accepted for their respective authentication mechanism, where previously they specified accepted key types. This distinction matters when using the RSA/SHA2 signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate counterparts. Configurations that override these options but omit these algorithm names may cause unexpected authentication failures (no action is required for configurations that accept the default for these options). * sshd(8): the precedence of session environment variables has changed. ~/.ssh/environment and environment="..." options in authorized_keys files can no longer override SSH_* variables set implicitly by sshd. * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed. They will now use DSCP AF21 for interactive traffic and CS1 for bulk. For a detailed rationale, please see the commit message: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c#rev1.284 Changes since OpenSSH 7.7 ========================= This is primarily a bugfix release. New Features - ------------ * ssh(1)/sshd(8): add new signature algorithms "rsa-sha2-256-cert- v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to explicitly force use of RSA/SHA2 signatures in authentication. * sshd(8): extend the PermitUserEnvironment option to accept a whitelist of environment variable names in addition to global "yes" or "no" settings. * sshd(8): add a PermitListen directive to sshd_config(5) and a corresponding permitlisten= authorized_keys option that control which listen addresses and port numbers may be used by remote forwarding (ssh -R ...). * sshd(8): add some countermeasures against timing attacks used for account validation/enumeration. sshd will enforce a minimum time or each failed authentication attempt consisting of a global 5ms minimum plus an additional per-user 0-4ms delay derived from a host secret. * sshd(8): add a SetEnv directive to allow an administrator to explicitly specify environment variables in sshd_config. Variables set by SetEnv override the default and client-specified environment. * ssh(1): add a SetEnv directive to request that the server sets an environment variable in the session. Similar to the existing SendEnv option, these variables are set subject to server configuration. * ssh(1): allow "SendEnv -PATTERN" to clear environment variables previously marked for sending to the server. bz#1285 * ssh(1)/sshd(8): make UID available as a %-expansion everywhere that the username is available currently. bz#2870 * ssh(1): allow setting ProxyJump=none to disable ProxyJump functionality. bz#2869 Bugfixes - -------- * sshd(8): avoid observable differences in request parsing that could be used to determine whether a target user is valid. * all: substantial internal refactoring * ssh(1)/sshd(8): fix some memory leaks; bz#2366 * ssh(1): fix a pwent clobber (introduced in openssh-7.7) that could occur during key loading, manifesting as crash on some platforms. * sshd_config(5): clarify documentation for AuthenticationMethods option; bz#2663 * ssh(1): ensure that the public key algorithm sent in a public key SSH_MSG_USERAUTH_REQUEST matches the content of the signature blob. Previously, these could be inconsistent when a legacy or non-OpenSSH ssh-agent returned a RSA/SHA1 signature when asked to make a RSA/SHA2 signature. * sshd(8): fix failures to read authorized_keys caused by faulty supplemental group caching. bz#2873 * scp(1): apply umask to directories, fixing potential mkdir/chmod race when copying directory trees bz#2839 * ssh-keygen(1): return correct exit code when searching for and hashing known_hosts entries in a single operation; bz#2772 * ssh(1): prefer the ssh binary pointed to via argv[0] to $PATH when re-executing ssh for ProxyJump. bz#2831 * sshd(8): do not ban PTY allocation when a sshd session is restricted because the user password is expired as it breaks password change dialog. (regression in openssh-7.7). * ssh(1)/sshd(8): fix error reporting from select() failures. * ssh(1): improve documentation for -w (tunnel) flag, emphasising that -w implicitly sets Tunnel=point-to-point. bz#2365 * ssh-agent(1): implement EMFILE mitigation for ssh-agent. ssh-agent will no longer spin when its file descriptor limit is exceeded. bz#2576 * ssh(1)/sshd(8): disable SSH2_MSG_DEBUG messages for Twisted Conch clients. Twisted Conch versions that lack a version number in their identification strings will mishandle these messages when running on Python 2.x (https://twistedmatrix.com/trac/ticket/9422) * sftp(1): notify user immediately when underlying ssh process dies expectedly. bz#2719 * ssh(1)/sshd(8): fix tunnel forwarding; regression in 7.7 release. bz#2855 * ssh-agent(1): don't kill ssh-agent's listening socket entirely if it fails to accept(2) a connection. bz#2837 * sshd(8): relax checking of authorized_keys environment="..." options to allow underscores in variable names (regression introduced in 7.7). bz#2851 * ssh(1): add some missing options in the configuration dump output (ssh -G). bz#2835 Portability - ----------- * sshd(8): Expose details of completed authentication to PAM auth modules via SSH_AUTH_INFO_0 in the PAM environment. bz#2408 * Fix compilation problems caused by fights between zlib and OpenSSL colliding uses of "free_func" * Improve detection of unsupported compiler options. Recently these may have manifested as "unsupported -Wl,-z,retpoline" warnings during linking. * sshd(8): some sandbox support for Linux/s390 bz#2752. * regress tests: unbreak key-options.sh test on platforms without openpty(3). bz#2856 * use getrandom(2) for PRNG seeding when built without OpenSSL. Checksums: ========== - - SHA1 (openssh-7.8.tar.gz) = ed5511cd42b543cd15166a9cbc56705f23b847e7 - - SHA256 (openssh-7.8.tar.gz) = TDqIsMEmghsBUNCrSCPyCxChfitntyOLXNC694py1XE - - SHA1 (openssh-7.8p1.tar.gz) = 27e267e370315561de96577fccae563bc2c37a60 - - SHA256 (openssh-7.8p1.tar.gz) = GkhLsVFSwYO7JRThEqow3TQTjDz7Ay7uVJCmbFBxRMo Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available as RELEASE_KEY.asc from the mirror sites. Reporting Bugs: =============== - - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com _______________________________________________ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW3+jCmaOgq3Tt24GAQhKcRAAhD4Tov8sm0m7EZBjpHSQQMHgV1gIHR1p BysC6ma3I6n1mwGBvPR6o4LVE7+iumi6khzZ8z9uSQXeqf2Umh2QML2dWPnNkg8f exHBr5+9OnZ6czcTGmjS6ifv2uOas0u3XOFoZUBIARXUN1CaDwTkrU1uPualJj/F fanG8VRLTqlYZBcgkCFbDxck2o3f8P9DWyuJdQYv44MkOAgGWonnjeEtGoDsW59e /ZG8XB21vocxALVPOj6TO5bEHjUZ9LTqCMCfgbDkPIdPAKhPApzw19uNn5e3C6RL 2Ixm7Nqi6GDJ7j/k3GhDxSxDQYi/ysdGTunD4R2pMtnniY7sMOADbZgHVV/EKYk8 nPeML3A4g5U0y5bnh5Q3UsiH3Polp5jlR4Vz9SFI6YoHpyH5O1KAJQK3/0hysiTs 1Aw9uCBw43n7FGIGKSA1C9mQJc+/1/5e6b6C5CeMeV+/fcQz7V5X1QMRky7FB7nc jV4DQkeC7xn+bRSpRmirM4eNhKk+S34ws0s3nNxULZIs7QmK0a9liJhtp9eS21gL DGOkrA7aGz/dCahGewgw3aF7R2f0sbL4fuelMwXZG5TQw72Gq/0Lky9v8Tzufh9Y wPqB7U2yBqpLuh6S/PDrQu29WPv8Ti06qpquKmMd8/iSzuZgUbX2UXNg1FM+b77g HRGnGK1olbs= =cDGC -----END PGP SIGNATURE-----