openssh_7.4p1-1_source.changes ACCEPTED into unstable
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Dec 2016 18:01:46 +0000
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.4p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 147201 419574 765630 848089 848714 848715 848716 848717
Changes:
openssh (1:7.4p1-1) unstable; urgency=medium
.
* New upstream release (http://www.openssh.com/txt/release-7.4):
- ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
block ciphers are not safe in 2016 and we don't want to wait until
attacks like SWEET32 are extended to SSH. As 3des-cbc was the only
mandatory cipher in the SSH RFCs, this may cause problems connecting
to older devices using the default configuration, but it's highly
likely that such devices already need explicit configuration for key
exchange and hostkey algorithms already anyway.
- sshd(8): When a forced-command appears in both a certificate and an
authorized keys/principals command= restriction, sshd will now refuse
to accept the certificate unless they are identical. The previous
(documented) behaviour of having the certificate forced-command
override the other could be a bit confusing and error-prone.
- sshd(8): Remove the UseLogin configuration directive and support for
having /bin/login manage login sessions.
- CVE-2016-10009: ssh-agent(1): Will now refuse to load PKCS#11 modules
from paths outside a trusted whitelist (run-time configurable).
Requests to load modules could be passed via agent forwarding and an
attacker could attempt to load a hostile PKCS#11 module across the
forwarded agent channel: PKCS#11 modules are shared libraries, so this
would result in code execution on the system running the ssh-agent if
the attacker has control of the forwarded agent-socket (on the host
running the sshd server) and the ability to write to the filesystem of
the host running ssh-agent (usually the host running the ssh client)
(closes: #848714).
- CVE-2016-10010: sshd(8): When privilege separation is disabled,
forwarded Unix-domain sockets would be created by sshd(8) with the
privileges of 'root' instead of the authenticated user. This release
refuses Unix-domain socket forwarding when privilege separation is
disabled (Privilege separation has been enabled by default for 14
years) (closes: #848715).
- CVE-2016-10011: sshd(8): Avoid theoretical leak of host private key
material to privilege-separated child processes via realloc() when
reading keys. No such leak was observed in practice for normal-sized
keys, nor does a leak to the child processes directly expose key
material to unprivileged users (closes: #848716).
- CVE-2016-10012: sshd(8): The shared memory manager used by
pre-authentication compression support had a bounds checks that could
be elided by some optimising compilers. Additionally, this memory
manager was incorrectly accessible when pre-authentication compression
was disabled. This could potentially allow attacks against the
privileged monitor process from the sandboxed privilege-separation
process (a compromise of the latter would be required first). This
release removes support for pre-authentication compression from
sshd(8) (closes: #848717).
- SECURITY: sshd(8): Validate address ranges for AllowUser and DenyUsers
directives at configuration load time and refuse to accept invalid
ones. It was previously possible to specify invalid CIDR address
ranges (e.g. user@127.1.2.3/55) and these would always match, possibly
resulting in granting access where it was not intended.
- ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the
version in PuTTY by Simon Tatham. This allows a multiplexing client
to communicate with the master process using a subset of the SSH
packet and channels protocol over a Unix-domain socket, with the main
process acting as a proxy that translates channel IDs, etc. This
allows multiplexing mode to run on systems that lack file-descriptor
passing (used by current multiplexing code) and potentially, in
conjunction with Unix-domain socket forwarding, with the client and
multiplexing master process on different machines. Multiplexing proxy
mode may be invoked using "ssh -O proxy ...".
- sshd(8): Add a sshd_config DisableForwarding option that disables X11,
agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future. Like the 'restrict'
authorized_keys flag, this is intended to be a simple and future-proof
way of restricting an account.
- sshd(8), ssh(1): Support the "curve25519-sha256" key exchange method.
This is identical to the currently-supported method named
"curve25519-sha256@libssh.org".
- sshd(8): Improve handling of SIGHUP by checking to see if sshd is
already daemonised at startup and skipping the call to daemon(3) if it
is. This ensures that a SIGHUP restart of sshd(8) will retain the
same process-ID as the initial execution. sshd(8) will also now
unlink the PidFile prior to SIGHUP restart and re-create it after a
successful restart, rather than leaving a stale file in the case of a
configuration error.
- sshd(8): Allow ClientAliveInterval and ClientAliveCountMax directives
to appear in sshd_config Match blocks.
- sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match those
supported by AuthorizedKeysCommand (key, key type, fingerprint, etc.)
and a few more to provide access to the contents of the certificate
being offered.
- ssh(1): Allow IdentityFile to successfully load and use certificates
that have no corresponding bare public key.
- ssh(1): Fix public key authentication when multiple authentication is
in use and publickey is not just the first method attempted.
- ssh(1): Improve reporting when attempting to load keys from PKCS#11
tokens with fewer useless log messages and more detail in debug
messages.
- ssh(1): When tearing down ControlMaster connections, don't pollute
stderr when LogLevel=quiet.
- sftp(1): On ^Z wait for underlying ssh(1) to suspend before suspending
sftp(1) to ensure that ssh(1) restores the terminal mode correctly if
suspended during a password prompt.
- ssh(1): Avoid busy-wait when ssh(1) is suspended during a password
prompt (LP: #1646813).
- ssh(1), sshd(8): Correctly report errors during sending of ext-info
messages.
- sshd(8): Fix NULL-deref crash if sshd(8) received an out-of-sequence
NEWKEYS message.
- sshd(8): Correct list of supported signature algorithms sent in the
server-sig-algs extension.
- sshd(8): Fix sending ext_info message if privsep is disabled.
- sshd(8): More strictly enforce the expected ordering of privilege
separation monitor calls used for authentication and allow them only
when their respective authentication methods are enabled in the
configuration.
- sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for
configuration examples.
- On environments configured with Turkish locales, fall back to the
C/POSIX locale to avoid errors in configuration parsing caused by that
locale's unique handling of the letters 'i' and 'I' (LP: #1638338).
- contrib: Add a gnome-ssh-askpass3 with GTK+3 support.
- sshd(8): Improve PRNG reseeding across privilege separation and force
libcrypto to obtain a high-quality seed before chroot or sandboxing.
* Apply "wrap-and-sort -at -f debian/control -f debian/tests/control".
* Remove entries related to protocol 1 from the default sshd_config
generated on new installations.
* Remove some advice related to protocol 1 from README.Debian.
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation
for this is to deal with deprecations of options related to protocol 1,
but something like this has been needed for a long time (closes:
#419574, #848089):
- sshd_config is now a slightly-patched version of upstream's, and only
contains non-default settings (closes: #147201).
- I've included as many historical md5sums of default versions of
sshd_config as I could reconstruct from version control, but I'm sure
I've missed some.
- Explicitly synchronise the debconf database with the current
configuration file state in openssh-server.config, to ensure that the
PermitRootLogin setting is properly preserved.
- UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
than "yes", per upstream.
* Remove redundant "GSSAPIDelegateCredentials no" from ssh_config (already
the upstream default), and document that setting ServerAliveInterval to
300 by default if BatchMode is set is Debian-specific (closes: #765630).
* Build gnome-ssh-askpass with GTK+ 3 (LP: #801187).
* When running regression tests under autopkgtest, use a non-root user
with passwordless sudo.
Checksums-Sha1:
c26aadec70b3c4babde0ce5f9e0a67977f94448d 2944 openssh_7.4p1-1.dsc
2330bbf82ed08cf3ac70e0acf00186ef3eeb97e0 1511780 openssh_7.4p1.orig.tar.gz
e2db107122dd929ac5f58654fbf9d574cc7410c6 154012 openssh_7.4p1-1.debian.tar.xz
Checksums-Sha256:
d352e9b3ab5db509ee02260cd5cf6be64cef6e991b8d0a33fc2e971d77a9c0d8 2944 openssh_7.4p1-1.dsc
1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1 1511780 openssh_7.4p1.orig.tar.gz
a910e0eab89f886a0144819a3298e70c5ba0aa1ab3e05d1ac130a9479dd96fa9 154012 openssh_7.4p1-1.debian.tar.xz
Files:
bed2f83755abfe6c92039c20a4fff05d 2944 net standard openssh_7.4p1-1.dsc
b2db2a83caf66a208bb78d6d287cdaa3 1511780 net standard openssh_7.4p1.orig.tar.gz
a3cd7786136599d77d174197db551595 154012 net standard openssh_7.4p1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlhirNsACgkQOTWH2X2G
UAtJCA/+J/650u/zsWJ010q2xXYZtikw5Ns/Fyqmi3j5qtYKno6gD3g5Vv18F2ZB
A4wy64s1p6Zzx0GftxCRHEz0ITb3LEgbJLYXNrywFE2qsa9D/aQUAN1O7R12kTlf
QviJ4tRxD8MZs4VRPvHr36BhHgzbT69IX7oHsAxrXIHVfhTw+tBJKTohVBOhy3fA
IQd8A08Lyc8HJsvX5NJ7HAb+h9IxmDW2Cn/xX/rYLefFlkrIobGupfHPRnBFHxuQ
+QD/C4gnQYIAE1GNTX89id2D6/kCUwY7V3JrALfHQkVB+gRhUv9yrqB+lQchwUf0
31Ac5O2Fiufsks8ImCOwCIn3eevvNJzs/paVlDU3MWlT/GkR+idguxsdsYAwl0yB
OZ3t8IIIunJrWfPs90U8twHl0u8KgzxwhGBjiYV92dquLn/DuSoByeYGgPCfmdrd
K9r4WbaisxeucQMHIf1kTkjqoQe1z8l/Osi9BBvxJugjXtQ9ef6DknKAliQ4EbpN
+kAdQcwWCEBSBcf5d83qldIWk8yJypu1LfrO0YZQRRbXoDu838lQ8lCbhpMKWU/z
g/s4OVGIG0WzsCqTES4JZFe9JzQ+Lev4aAtP3U7UIYO+3/Xtb9OCz9yZDK40PqX4
B4D41u703Edk+qnCZ/GqiA6DkVFDi0hhgLmAdfd2bFVTjv/3iQs=
=sJWw
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
Reply to: