[arch-dev-public] [signoff] openssh-5.8p1-1
Gaetan Bisson
bisson at archlinux.org
Fri Feb 4 02:42:17 EST 2011
Hi all,
OpenSSH 5.8 has just been released as a security update on 5.7; see the
Changelog below. Nothing but the version numbers and checksums changed
in the PKGBUILD of openssh-5.8-p1-1, which I just put in [testing].
Please test and signoff so we can move this as quickly as possible.
Cheers.
--
Gaetan
Changes since OpenSSH 5.7
=========================
Security:
* Fix vulnerability in legacy certificate signing introduced in
OpenSSH-5.6 and found by Mateusz Kocielski.
Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from
the stack in place of a random nonce field. The contents of the stack
do not appear to contain private data at this point, but this cannot
be stated with certainty for all platform, library and compiler
combinations. In particular, there exists a risk that some bytes from
the privileged CA key may be accidentally included.
A full advisory for this issue is available at:
http://www.openssh.com/txt/legacy-cert.adv
Portable OpenSSH Bugfixes:
* Fix compilation failure when enableing SELinux support.
* Do not attempt to call SELinux functions when SELinux is disabled.
bz#1851
More information about the arch-dev-public
mailing list