diff options
author | Colin Watson <cjwatson@debian.org> | 2020-02-21 11:57:14 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-02-21 14:27:02 +0000 |
commit | 886e47e745586c34e81cfd5c5fb9b5dbc8e84d04 (patch) | |
tree | dd6c3b4dc64a17c520af7aaf213163f8a0a63e56 /debian/NEWS | |
parent | ac2b4c0697fcac554041ab95f81736887eadf6ec (diff) | |
parent | a2dabf35ce0228c86a288d11cc847a9d9801604f (diff) |
New upstream release (8.2p1)
Diffstat (limited to 'debian/NEWS')
-rw-r--r-- | debian/NEWS | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS index 32a0c721e..1963c7919 100644 --- a/debian/NEWS +++ b/debian/NEWS | |||
@@ -1,3 +1,50 @@ | |||
1 | openssh (1:8.2p1-1) unstable; urgency=medium | ||
2 | |||
3 | OpenSSH 8.2 includes a number of changes that may affect existing | ||
4 | configurations: | ||
5 | |||
6 | * ssh(1), sshd(8), ssh-keygen(1): This release removes the "ssh-rsa" | ||
7 | (RSA/SHA1) algorithm from those accepted for certificate signatures | ||
8 | (i.e. the client and server CASignatureAlgorithms option) and will use | ||
9 | the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) | ||
10 | CA signs new certificates. | ||
11 | |||
12 | Certificates are at special risk to SHA1 collision vulnerabilities as | ||
13 | an attacker has effectively unlimited time in which to craft a | ||
14 | collision that yields them a valid certificate, far more than the | ||
15 | relatively brief LoginGraceTime window that they have to forge a host | ||
16 | key signature. | ||
17 | |||
18 | The OpenSSH certificate format includes a CA-specified (typically | ||
19 | random) nonce value near the start of the certificate that should make | ||
20 | exploitation of chosen-prefix collisions in this context challenging, | ||
21 | as the attacker does not have full control over the prefix that | ||
22 | actually gets signed. Nonetheless, SHA1 is now a demonstrably broken | ||
23 | algorithm and futher improvements in attacks are highly likely. | ||
24 | |||
25 | OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2 | ||
26 | algorithms and will refuse to accept certificates signed by an OpenSSH | ||
27 | 8.2+ CA using RSA keys unless the unsafe algorithm is explicitly | ||
28 | selected during signing ("ssh-keygen -t ssh-rsa"). Older | ||
29 | clients/servers may use another CA key type such as ssh-ed25519 | ||
30 | (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521 | ||
31 | types (supported since OpenSSH 5.7) instead if they cannot be upgraded. | ||
32 | |||
33 | * ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default | ||
34 | key exchange proposal for both the client and server. | ||
35 | |||
36 | * ssh-keygen(1): The command-line options related to the generation and | ||
37 | screening of safe prime numbers used by the | ||
38 | diffie-hellman-group-exchange-* key exchange algorithms have changed. | ||
39 | Most options have been folded under the -O flag. | ||
40 | |||
41 | * sshd(8): The sshd listener process title visible to ps(1) has changed | ||
42 | to include information about the number of connections that are | ||
43 | currently attempting authentication and the limits configured by | ||
44 | MaxStartups. | ||
45 | |||
46 | -- Colin Watson <cjwatson@debian.org> Fri, 21 Feb 2020 12:11:52 +0000 | ||
47 | |||
1 | openssh (1:8.1p1-1) unstable; urgency=medium | 48 | openssh (1:8.1p1-1) unstable; urgency=medium |
2 | 49 | ||
3 | OpenSSH 8.1 includes a number of changes that may affect existing | 50 | OpenSSH 8.1 includes a number of changes that may affect existing |