diff options
| author | Colin Watson <cjwatson@debian.org> | 2020-02-21 11:57:14 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2020-02-21 14:27:02 +0000 |
| commit | 886e47e745586c34e81cfd5c5fb9b5dbc8e84d04 (patch) | |
| tree | dd6c3b4dc64a17c520af7aaf213163f8a0a63e56 /debian/NEWS | |
| parent | ac2b4c0697fcac554041ab95f81736887eadf6ec (diff) | |
| parent | a2dabf35ce0228c86a288d11cc847a9d9801604f (diff) | |
New upstream release (8.2p1)
Diffstat (limited to 'debian/NEWS')
| -rw-r--r-- | debian/NEWS | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS index 32a0c721e..1963c7919 100644 --- a/debian/NEWS +++ b/debian/NEWS | |||
| @@ -1,3 +1,50 @@ | |||
| 1 | openssh (1:8.2p1-1) unstable; urgency=medium | ||
| 2 | |||
| 3 | OpenSSH 8.2 includes a number of changes that may affect existing | ||
| 4 | configurations: | ||
| 5 | |||
| 6 | * ssh(1), sshd(8), ssh-keygen(1): This release removes the "ssh-rsa" | ||
| 7 | (RSA/SHA1) algorithm from those accepted for certificate signatures | ||
| 8 | (i.e. the client and server CASignatureAlgorithms option) and will use | ||
| 9 | the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) | ||
| 10 | CA signs new certificates. | ||
| 11 | |||
| 12 | Certificates are at special risk to SHA1 collision vulnerabilities as | ||
| 13 | an attacker has effectively unlimited time in which to craft a | ||
| 14 | collision that yields them a valid certificate, far more than the | ||
| 15 | relatively brief LoginGraceTime window that they have to forge a host | ||
| 16 | key signature. | ||
| 17 | |||
| 18 | The OpenSSH certificate format includes a CA-specified (typically | ||
| 19 | random) nonce value near the start of the certificate that should make | ||
| 20 | exploitation of chosen-prefix collisions in this context challenging, | ||
| 21 | as the attacker does not have full control over the prefix that | ||
| 22 | actually gets signed. Nonetheless, SHA1 is now a demonstrably broken | ||
| 23 | algorithm and futher improvements in attacks are highly likely. | ||
| 24 | |||
| 25 | OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2 | ||
| 26 | algorithms and will refuse to accept certificates signed by an OpenSSH | ||
| 27 | 8.2+ CA using RSA keys unless the unsafe algorithm is explicitly | ||
| 28 | selected during signing ("ssh-keygen -t ssh-rsa"). Older | ||
| 29 | clients/servers may use another CA key type such as ssh-ed25519 | ||
| 30 | (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521 | ||
| 31 | types (supported since OpenSSH 5.7) instead if they cannot be upgraded. | ||
| 32 | |||
| 33 | * ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default | ||
| 34 | key exchange proposal for both the client and server. | ||
| 35 | |||
| 36 | * ssh-keygen(1): The command-line options related to the generation and | ||
| 37 | screening of safe prime numbers used by the | ||
| 38 | diffie-hellman-group-exchange-* key exchange algorithms have changed. | ||
| 39 | Most options have been folded under the -O flag. | ||
| 40 | |||
| 41 | * sshd(8): The sshd listener process title visible to ps(1) has changed | ||
| 42 | to include information about the number of connections that are | ||
| 43 | currently attempting authentication and the limits configured by | ||
| 44 | MaxStartups. | ||
| 45 | |||
| 46 | -- Colin Watson <cjwatson@debian.org> Fri, 21 Feb 2020 12:11:52 +0000 | ||
| 47 | |||
| 1 | openssh (1:8.1p1-1) unstable; urgency=medium | 48 | openssh (1:8.1p1-1) unstable; urgency=medium |
| 2 | 49 | ||
| 3 | OpenSSH 8.1 includes a number of changes that may affect existing | 50 | OpenSSH 8.1 includes a number of changes that may affect existing |